APS Series Gigabit Managed Switches
APS-10T2SFP
APS-26T6SFP
APS-48T4SFP
APS-24T4S4SP
APS-48T4S4SP
User Manual
Version: 1.0.1 Oct 2012
APS User Manual
About this Guide
Compliances and Safety Statements
Introduction
Overview
1. Operation of the Web-based Management
1.1 System
1.1.1 System Information
1.1.1-1 Information
1.1.1-2 Configuration
1.1.1-3 CPU Load
1.1.2 Time
1.1.2-1 Manual
1.1.2-2 NTP
1.1.3 Account
1.1.3-1 Users
1.1.3-2 Privilege Level
1.1.4 IP
1.1.4-1 IPv4
1.1.4-2 IPv6
1.1.5 Syslog
1.1.5-1 Configuration
1.1.5-2 Log
1.1.5-3 Detailed Log
1.1.6 SNMP
1.1.6-1 System
1.1.6-2 Configuration
1.1.6-3 Communities
1.1.6-4 Users
1.1.6-5 Groups
1.1.6-6 Views
1.1.6-7 Access
1.1.6-8 Trap
1.2 Configuration
1.2.1 Port
1.2.1-1 Configuration
1.2.1-2 Port Description
1.2.1-3 Traffic Overview
1.2.1-4 Detailed Statistics
1.2.1-5 QoS Statistics
1.2.1-6 SFP Information
1.2.1-7 EEE
1.2.2 ACL
1.2.2-1 Ports
1.2.2-2 Rate Limiters
1.2.2-3 Access Control List
1.2.2-4 ACL Status
1.2.3 Aggregation
1.2.3-1 Static Trunk
1.2.3-2 LACP
1.2.3-2-1 Configuration
1.2.3-2-2 System Status
1.2.3-2-3 Port Status
1.2.3-2-4 Port Statistics
1.2.4 Spanning Tree
1.2.4-1 Bridge Settings
1.2.4-2 MSTI Mapping
1.2.4-4 CIST Ports
1.2.4-5 MSTI Ports
1.2.4-6 Bridge Status
1.2.4-7 Port Status
1.2.4-8 Port Statistics
1.2.5 IGMP Snooping
1.2.5-1 Basic Configuration
1.2.5-2 VLAN Configuration
1.2.5-3 Port Group Filtering
1.2.5-4 Status
1.2.5-5 Groups Information
1.2.5-6 IPv4 SSM Information
1.2.6 MLD Snooping
1.2.6-1 Basic Configuration
1.2.6-2 VLAN Configuration
1.2.6-3 Port Group Filtering
1.2.6-4 Status
1.2.6-5 Groups Information
1.2.6-6 IPv6 SSM Information
1.2.7 MVR
1.2.7-1 Configuration
1.2.7-2 Groups Information
1.2.7-3 Statistics
1.2.8 LLDP
1.2.8-1 LLDP Configuration
1.2.8-2 LLDP Neighbors
1.2.8-3 LLDP-MED Configuration
1.2.8-4 LLDP-MED Neighbors
1.2.8-5 EEE
1.2.8-6 Port Statistics
1.2.9 POE
1.2.9-1 Configuration
1.2.9-2 Status
1.2.9-3 Power Delay
1.2.9-4 Auto Checking
1.2.9-5 Scheduling
1.2.10 Filtering Data Base
1.2.10-1 Configuration
1.2.10-2 Dynamic MAC Table
1.2.11 VLAN
1.2.11-1 VLAN Membership
1.2.11-2 Ports
1.2.11-3 Switch Status
1.2.11-4 Port Status
1.2.11-5 Private VLAN
1.2.11-5-1 Private VLAN Membership
1.2.11-5-2 Port Isolation
1.2.11-6 MAC-based VLAN
1.2.11-6-1 Configuration
1.2.11-6-2 Status
1.2.11-7 Protocol-based VLAN
1.2.11-7-1 Protocol to Group
1.2.11-7-2 Group to VLAN
1.2.12 Voice VLAN
1.2.12-1 Configuration
1.2.12-2 OUI
1.2.13 GARP
1.2.13-1 Configuration
1.2.13-2 Statistics
1.2.14 GVRP
1.2.14-1 Configuration
1.2.14-2 Statistics
1.2.15 QoS
1.2.15-1 Port Classification
1.2.15-2 Port Policing
1.2.15-3 Port Scheduler
1.2.15-4 Port Shaping
1.2.15-5 Port Tag Remarking
1.2.15-6 Port DSCP
1.2.15-7 DSCP-based QoS
1.2.15-8 DSCP Translation
1.2.15-9 DSCP Classification
1.2.15-10 QoS Control List
1.2.15-11 QCL Status
1.2.15-12 Storm Control
1.2.16 s-Flow Agent
1.2.16-1 Collector
1.2.16-2 Sampler
1.2.17 Loop Protection
1.2.17-1 Configuration
1.2.17-2 Status
1.2.18 Single IP
1.2.18-1 Configuration
1.2.18-2 Information
1.2.19 Easy Port
1.2.20 Mirroring
1.2.21 Trap Event Severity
1.2.22 SMTP Configuration
1.2.23 UPnP
1.3 Security
1.3.1 IP Source Guard
1.3.1-1 Configuration
1.3.1-2 Static Table
1.3.1-3 Dynamic Table
1.3.2 ARP Inspection
1.3.2-1 Configuration
1.3.2-2 Static Table
1.3.2-3 Dynamic Table
1.3.3 DHCP Snooping
1.3.3-1 Configuration
1.3.3-2 Statistics
1.3.4 DHCP Relay
1.3.4-1 Configuration
1.3.4-2 Statistics
1.3.5 NAS
1.3.5-1 Configuration
1.3.5-2 Switch Status
1.3.5-3 Port Status
1.3.6 AAA
1.3.6-1 Configuration
1.3.6-2 RADIUS Overview
1.3.6-3 RADIUS Details
1.3.7 Port Security
1.3.7-1 Limit Control
1.3.7-2 Switch Status
1.3.7-3 Port Status
1.3.8 Access Management
1.3.8-1 Configuration
1.3.8-2 Statistics
1.3.9 SSH
1.3.10 HTTPS
1.3.11 Auth Method
1.4 Maintenance
1.4.1 Restart Device
1.4.2 Firmware
1.4.2-1 Firmware Upgrade
1.4.2-2 Firmware Selection
1.4.3 Save/Restore
1.4.3-1 Factory Defaults
1.4.3-2 Save Start
1.4.3-3 Save User
1.4.3-4 Restore User
1.4.4 Export/Import
1.4.4-1 Export Configuration
1.4.4-2 Import Configuration
1.4.5 Diagnostics
1.4.5-1 Ping
1.4.5-2 Ping6
1.4.5-3 VeriPHY
2. Specifications
About this Guide
Purpose
This guide gives specific information on how to operate and use the management functions of the
switch.
Audience
The guide is intended for use by network administrators who are responsible for operating and
maintaining network equipment; consequently, it assumes a basic working knowledge of general
switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
Warranty
The APS series comes with a standard 3 year warranty. For full Alloy warranty terms and conditions
please follow the link below:
http://www.alloy.com.au/Warranty
Conventions
The following conventions are used throughout this guide to show information:
NOTE: Emphasizes important information or calls your attention to
related features or instructions.
WARNING: Alerts you to a potential hazard that could cause
personal injury.
CAUTION: Alerts you to a potential hazard that could cause loss of
data, or damage the system or equipment.
Compliances and Safety Statements
Federal Communications Commission (FCC) Statement
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference in a residential installation. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instructions,
may cause harmful interference to radio communications. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined by turning the equipment off
and on, the user is encouraged to try to correct the interference by one or more of the following
measures:
- Reorient or relocate the receiving antenna
- Increase the separation between the equipment and receiver
- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected
- Consult the dealer or an experienced radio/TV technician for help
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two
conditions: (1) This device may not cause harmful interference, and (2) this device must accept any
interference received, including interference that may cause undesired operation.
FCC Caution: Any changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate this equipment.
European Community (CE) Electromagnetic Compatibility Directive
This information technology equipment complies with the requirements of the Council Directive
89/336/EEC on the Approximation of the laws of the Member States relating to Electromagnetic
Compatibility and 73/23/EEC for electrical equipment used within certain voltage limits and the
Amendment Directive 93/68/EEC. For the evaluation of the compliance with these Directives, the
following standards were applied:
RFI Emission:
- Limit according to EN 55022:2010 AS/NZS CISPR 22:2009, Class A
- Limit for harmonic current emission according to EN 61000-3-2:2006+A1:2009+A2:2009
- Limitation of voltage fluctuation and flicker in low-voltage supply
system according to EN 61000-3-3:2008
Immunity:
- Product family standard according to EN 55024:2010
- Electrostatic Discharge according to IEC 61000-4-2:2008
- Radio-frequency electromagnetic field according to IEC 61000-4-3:2006+A1:2007+A2:2010
- Electrical fast transient/burst according to IEC 61000-4-4:2010
- Surge immunity test according to IEC 61000-4-5:2005
- Immunity to conducted disturbances, induced by radio-frequency fields: IEC 61000-4-6:2008
- Power frequency magnetic field immunity test according to IEC 61000-4-8:2009
- Voltage dips, short interruptions and voltage variations immunity test according to IEC 61000-4-11:2004
LVD:
- EN60950-1:2006+A11:2009+A1:2010EMC:
Australian C-Tick Compliance.
This equipment is compliant with the required Australian C-Tick standards
PLEASE READ THE FOLLOWING SAFETY INFORMATION CAREFULLY BEFORE INSTALLING THE
SWITCH:
WARNING: Installation and removal of the unit must be carried out by qualified personnel only.
- This guide is intended for use by network administrators who are responsible for setting up and installing network equipment; consequently it assumes a basic working knowledge of LANs (Local Area Networks).
- The unit must be connected to an earthed (grounded) outlet to comply with international safety standards.
- Do not connect the unit to an A.C. outlet (power supply) without an earth (ground) connection.
- The appliance coupler (the connector to the unit and not the wall plug) must have a configuration for mating with an EN 60320/IEC 320 appliance inlet.
- The socket outlet must be near to the unit and easily accessible. You can only remove power from the unit by disconnecting the power cord from the outlet.
- This unit operates under SELV (Safety Extra Low Voltage) conditions according to IEC 60950. The conditions are only maintained if the equipment to which it is connected also operates under SELV conditions.
SAFETY PRECAUTIONS
Read the following information carefully before operating the device. Follow these precautions to
protect the device from risks and damage caused by fire and electric power:
- Use the power adapter that is included with the device package.
- Pay attention to the power load of the outlet or prolonged lines. An overburdened power outlet or damaged cords and plugs may cause electric shock or fire. Check the power cords regularly; if you find any damage, replace them at once.
- Proper space for heat dissipation is necessary to avoid any damage caused by device overheating. The ventilation holes on the device are designed for heat dissipation to ensure that the device works normally. Do not cover these ventilation holes.
- Do not put this device close to a place where a heat source exists or high temperature occurs. Avoid placing the device in direct sunshine.
- Do not put this device close to a place which is damp or wet. Do not spill any fluid on this device.
- Please follow the instructions in the user manual/quick install guide carefully to connect the device to your PC or other electronic product. Any invalid connection may cause a power or fire risk.
- Do not place this device on an unstable surface or support.
CAUTION: Circuit devices are sensitive to static electricity, which
can damage their delicate electronics. Dry weather conditions or
walking across a carpeted floor may cause you to acquire a static
electrical charge.
To protect your device, always:
- Touch the metal chassis of your computer to ground the static electrical charge before you pick up the circuit device.
- Pick up the device by holding it on the left and right edges only.
- If you are connecting a device mounted outdoors to this switch please ensure you have installed an additional lightning arrestor between this device and the outdoor equipment.
Fig. Additional arrester installed between outdoor device and
this switch
NOTE: The switch is an indoor device; if it will be used in an outdoor
environment or connected to an outdoor device, then it must
use a lightning arrester to protect the switch.
WARNING:
- Self-demolition of Product is strictly prohibited. Damage caused by self-demolition will result in voiding the switch's warranty.
- Do not place product in outdoor locations.
- Before installation, please make sure input power supply and product specifications are compatible with each other.
- To reduce the risk of electric shock, disconnect all AC or DC power cords and RPS cables to completely remove power from the unit.
- Before importing / exporting configuration please make sure the firmware version is always the same.
Introduction
Overview
In this user’s manual, we will explain how to configure and monitor the APS Series switches through
the Web Management Interface.
The APS Series, the next generation Web managed switches from Alloy, is a portfolio of affordable
managed switches that provides a reliable infrastructure for your business network. These switches
deliver the more intelligent features you need to improve the availability of your critical business
applications, protect your sensitive information, and optimize your network bandwidth to deliver
information and applications more effectively. The series provides the ideal combination of affordability and
capabilities for entry-level networking, including small business or enterprise applications, and helps
you create a more efficient, better-connected workforce.
The major features of the APS Series switches are outlined below:
- Wirespeed performance - up to 130.94 Mpps switching architecture, 136 Gbps forwarding rate
- High density port configurations - up to 52 ports
- Dual speed SFP+ slots supporting Gigabit or 10 Gigabit mini-GBIC modules
- Dual speed SFP slots for Fast Ethernet or Gigabit mini-GBIC modules
- Layer 2 Plus features provide enhanced manageability, security, QoS and performance
- Easy to use Web Based Management
- Comprehensive VLAN, GVRP, DHCP Relay, IGMP and MLD Snooping functions
- Advanced QoS features including hardware Priority Queues, SR and WRR Scheduling, all major Classification regimes, Rate limiting and IPv6 Applications
- IPv6 and s-Flow support
- IEEE 802.3az Energy Efficient Ethernet standard
- Robust security features including SSH, SSL, HTTPS, 802.1x, Layer 2 Isolation, IP Source Guard, RADIUS/TACACS+, and ACLs
1. Operation of the Web-based Management
This chapter instructs you on how to configure and manage the APS Series switches through the web
user interface. With this facility, you can easily access and monitor the switch through any of the
Ethernet ports and view the status of the switch, including MIB status, the activity of each port, Spanning
Tree status, port aggregation status, multicast traffic, VLAN and priority status, and even the illegal access
record.
The default values of the APS Series switches are listed in the table below:
IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.254
Username: admin
Password:
To access the web management of an APS Series switch, enter the default IP address in a web browser
and press Enter, e.g. http://192.168.1.1
Once you have entered the IP address into the web browser you will be prompted to enter a
Username and Password in order to access the web management interface. Enter the default values
as shown in the table above.
The APS Series switches support a simple user management function that allows only one administrator
to configure the system at a time. If two or more users are using the administrator's
identity, only the first user who logs in is allowed to configure the system. The rest of the users,
even with the administrator's identity, can only monitor the system. Users who do not have
administrator access are only able to monitor the system. A maximum of three users
can be logged in simultaneously.
NOTE:
The APS Series switches support the management interface on both
IPv4 and IPv6 addresses.
To optimize the display, we recommend you use Microsoft IE 6.0
and above, Netscape V7.1 and above or Firefox V1.00 and above
and a screen resolution of 1024x768.
Fig. 1 The login page
1.1 System
This chapter describes the basic configuration tasks required to configure the system information on
the APS Series switches. The System Information page is the default page and will be the first page
you see when you log into the switch's web interface.
1.1.1 System Information
The System Information page shows you the following: Model Name, System Description, Location,
Contact, Device Name, System Date, System Uptime, BIOS Version, Firmware Version, Hardware-Mechanical
Version, Series Number, Host IP Address, Subnet Mask, Gateway IP Address, Host MAC
Address, Console Baudrate, RAM Size, Flash Size, Bridge FDB Size, Transmit Queue and Maximum
Frame Size. All relevant fields are explained in more detail in this chapter.
1.1.1-1 Information
The switch's system information is provided here.
Web Interface
To view the System Information via the Web Interface:
1. Click System, System Information and Information.
The current configuration will be displayed. This page is read only; nothing can be
configured here.
Fig. 2 System Information
Parameter Description
Model Name: The model name of this device.
System Description: A brief description of this device.
Location: A user-defined value describing the location of the switch.
Contact: A user-defined value; normally the system/network administrator details will be entered here.
Device Name: A user-defined value; give the switch a descriptive name for easy identification.
System Date: Shows the system time and date of the switch. These details can be configured in the Time section. Format is YYYY-MM-DD HH:MM:SS.
System Uptime: The time accumulated since the switch was powered on. Format is Day, Hour, Minute, Second.
BIOS Version: The current BIOS version running in the switch.
Firmware Version: The current firmware version running in the switch.
Hardware-Mechanical: The current hardware and mechanical version numbers. The figure before the hyphen is the hardware version, the figure after the hyphen is the mechanical version.
Series Number: The chipset serial number. Please note this is not the serial number of the actual switch.
Host IP Address: The IP Address of the switch.
Subnet Mask: The subnet mask of the switch.
Default Gateway: The default gateway of the switch.
Host MAC Address: The MAC Address of the management interface of the switch.
Console Baudrate: The currently configured Baudrate of the switch.
RAM Size: The size of the RAM in the switch.
Flash Size: The size of the flash memory in the switch.
Bridge FDB size: Displays the current Bridge FDB size.
Transmit Queue: Displays the switch's transmit hardware priority queue information.
Maximum Frame Size: Displays the switch's maximum supported frame size.
1.1.1-2 Configuration
The contact information, name and location of the switch can all be configured here.
Web Interface
To configure the contact information via the web interface:
1. Click System, System Information and Configuration.
2. Enter the required Contact, Device Name and Location details in the fields provided.
3. Click Save to apply your changes.
Fig. 3 System Information Configuration
Parameter Description
System Contact:
The system/network administrator details will be entered here, as well as a
contact phone number. The allowed string length is 0 to 255 characters.
System Name:
An administratively assigned name for the switch. By convention,
this is the switch's fully-qualified domain name. A domain name is a text
string drawn from the alphabet (A-Za-z), digits (0-9) and the minus sign (-). No space
characters are permitted as part of a name. The first character must be an
alpha character, and the first or last character must not be a minus sign. The
allowed string length is 0 to 255.
System Location:
The physical location of the switch (e.g., telephone closet, 3rd floor). The
allowed string length is 0 to 255, and the allowed content is the ASCII
characters from 32 to 126.
1.1.1-3 CPU Load
This page displays the CPU load using an SVG graph. The load is averaged over the last
100 ms, 1 second and 10 second intervals. The last 120 samples are graphed, and the last numbers are
displayed as text as well. In order to display the SVG graph, your browser must support the SVG
format. Consult the SVG Wiki for more information on browser support. Specifically, at the time of
writing, Microsoft Internet Explorer will need to have a plugin installed to support SVG.
Web Interface
To view the CPU Load via the web interface:
1. Click System, System Information and CPU Load.
2. The CPU Load will be displayed on the screen.
3. If you wish to enable the Auto-Refresh function, tick the check box in the top right hand
corner of the screen.
Fig. 4 CPU Load
Parameter Description
Auto-Refresh:
To enable Auto-Refresh, tick the check box in the top right hand corner of
the screen.
1.1.2 Time
This page is used to configure the time settings on the switch. Time can be set manually or via an NTP
server. By default NTP is used and is set to au.pool.ntp.org.
1.1.2-1 Manual
The time for the switch can be set manually or via an NTP Server. When setting it manually, simply enter
the date and time into the spaces provided.
Web Interface
To configure the time settings via the Web Interface:
1. Click System, Time and Manual.
2. Select use Local Settings.
3. Enter the time and date into the Local Time field.
4. Enter the Time Zone Offset.
5. If you would like to enable Daylight Savings, un-tick the box and enter the required Time
Offset and the dates for when Daylight Savings begins and ends.
6. Click Save to apply your changes.
Fig. 5 Manual Time Settings
Parameter Description
Clock Source:
Select what clock source the switch will use for its time configuration. Use
Local Settings allows you to manually set the time, or use NTP Server to
allow the switch to sync its time with an external NTP time server.
Local Time:
Displays the current time when using NTP Server, or is used to set the time
when using Local Settings.
Time Zone Offset:
Provide the time zone offset relative to UTC/GMT. The offset is given in
minutes east of GMT. The valid range is from -720 to 720 minutes. E.g. +10
will be 600 minutes.
Daylight Savings:
Daylight saving is adopted in some countries. If set, it will adjust the time by
adding or removing time in unit of hours, according to the starting date and
the ending date. For example, if you set the daylight saving to be 1 hour,
when the time passes over the starting time, the system time will be
increased by one hour. When the time passes over the ending time, the
system time will be decreased by one hour.
If the Time Set Offset value is set to 0, no changes to the time will be made,
nor will you have to set a start and end date. If you do add a valid value then
you will need to configure your start and end dates for daylight savings in
your particular area.
Time Set Offset:
Enter the Daylight Savings time offset for your region. The offset is given in
minutes east of standard GMT. The valid range is 1 to 1440 minutes. Default
is 60 minutes.
Daylight Savings Type: Here you can select whether you want to set your daylight saving “By Dates”
or by “Recurring”. If you set “By Dates” this will need to be changed each
year, if you select “Recurring” then this will only need to be setup once.
From:
Used to configure the Daylight Savings start date and time. Format is YYYY-MM-DD HH:MM.
To:
Used to configure the Daylight Savings end date and time. Format is YYYY-MM-DD HH:MM.
1.1.2-2 NTP
NTP (Network Time Protocol) is a protocol used to sync devices on the network with a time server.
Web Interface
To configure the NTP Settings via the Web Interface:
1. Click System, Time and NTP.
2. Enter the required Server addresses into the fields provided. Up to 5 NTP servers can be
configured.
3. Click Save to apply your changes.
Fig. 6 NTP Time Settings
Parameter Description
Server 1 to 5:
Enter a valid NTP Server IPv4 or IPv6 address, or enter the FQDN of a valid
NTP Server.
1.1.3 Account
The Accounts function is used by the administrator to create, modify and delete users. The
administrator can modify any guest user’s settings including the privilege level and the guest user
password. The guest user only has rights to modify their own password. Only one administrator
account can be configured and up to four Guest accounts can be created.
1.1.3-1 Users
This page provides an overview of the current users. Currently the only way to log in as another user
on the web server is to close and reopen the browser.
Web Interface
To configure the User settings via the Web Interface:
1. Click System, Account and Users.
2. Click Add new User, you will now be prompted with a new interface.
3. Enter the required Username, Password and Privilege level.
4. Click Apply to save your settings.
Fig. 7 User Configuration
Parameter Description
Add New User:
Click the Add New User button to create a new user.
Fig. 8 Adding a New User
Parameter Description
User Name:
The name identifying the user, enter the username that you want to create.
Password:
Enter the required password. The password length can be between 0 and
255 characters.
Password (again):
Re-enter the password from the password field.
Privilege Level:
Used to assign the privilege level of the user being created. The allowed
privilege range is from 1 through to 15. Level 15 is the highest level and will
give you read/write access to the entire system. Each group can have a
privilege level assigned. For a user to have access to that group, their
privilege level must be equal to or greater than the group value. By default
every group is set to level 10 except the maintenance group which is set to
15. When creating users, guest users would be set to privilege level 5,
standard users to 10 and administrators to 15. Guests will then have read
only access to the system, standard users can do everything except
maintenance tasks and the administrator will have full control of the switch.
1.1.3-2 Privilege Level
This page provides the administrator a way to give users access to the management interface of the
switch. Privilege levels can be set for a variety of different switch functions. Each function is assigned
to a group and a privilege level from 1 through to 15 can be assigned to each group.
Web Interface
To configure the Privilege Level settings via the Web Interface:
1. Click System, Account and Privilege Level.
2. Specify the privilege level for each of the groups.
3. Click Apply to save your changes.
Fig. 9 Setting the Privilege Levels
Parameter Description
Group Name:
The group name to which a privilege level can be assigned.
Privilege Levels:
The privilege levels can be set from 1 through to 15. Level 15 is the highest
level and will give you read/write access to the entire system. Each group
can have a privilege level assigned. For a user to have access to that
group, their privilege level must be equal to or greater than the group value. By
default every group is set to level 10 except the maintenance group which is
set to 15. When creating users, guest users would be set to privilege level 5,
standard users to 10 and administrators to 15. Guests will then have read
only access to the system, standard users can do everything except
maintenance tasks and the administrator will have full control of the switch.
1.1.4 IP
IP is an acronym for Internet Protocol. It is a protocol used for communicating data across an internet
network.
IP is a "best effort" system, which means that no packet of information sent over is assured to reach
its destination in the same condition it was sent. Each device connected to a Local Area Network
(LAN) or Wide Area Network (WAN) is given an Internet Protocol address, and this IP address is used
to identify the device uniquely among all other devices connected to the extended network.
The current version of the Internet Protocol is IPv4, which has 32-bit Internet Protocol addresses
allowing for in excess of four billion unique addresses. This number is reduced drastically by the
practice of webmasters taking addresses in large blocks, the bulk of which remain unused. There is a
rather substantial movement to adopt a new version of the Internet Protocol, IPv6, which would
have 128-bit Internet Protocol addresses. This number can be represented roughly by a three with
thirty-nine zeroes after it. However, IPv4 is still the protocol of choice for most of the Internet.
1.1.4-1 IPv4
The APS Series switches support both dynamically assigned and statically configured IP Addresses. If
you are running a DHCP server on your network the switch can obtain an IP Address from the DHCP
if DHCP Client is enabled. If not, the switch's IP settings must be configured manually. Please change
the IP Address of the switch to suit your network's requirements.
Web Interface
To configure the IPv4 settings via the Web Interface:
1. Click System, IP and IPv4.
2. Select DHCP Client if you wish to obtain an IP Address automatically from a DHCP Server.
Alternatively enter your required IP Settings for your network.
3. Click Save to apply your changes, or Reset to change values back to your previous settings.
Fig. 10 IPv4 Address Configuration
Parameter Description
DHCP Client:
Enable the DHCP Client by checking the tick box. When selected, the switch
will obtain an IP Address from your DHCP Server. If the switch does not
receive an IP Address the Default IP Address will be used.
Renew:
Click the Renew button to renew the DHCP lease from the DHCP Server.
IP Address:
Enter the required static IP Address in dotted decimal notation.
IP Mask:
Enter the required Subnet Mask in dotted decimal notation.
IP Router:
Enter the required Default Gateway in dotted decimal notation.
VLAN ID:
Provide the VLAN ID of the management interface. Valid range is from 1 to
4095.
DNS Proxy:
When DNS proxy is enabled, the switch will relay DNS requests to the
currently configured DNS server, and reply as a DNS resolver to the client
devices on the network.
1.1.4-2 IPv6
The APS Series switches support both dynamically assigned and statically configured IP Addresses. If
you are running a DHCP server on your network the switch can obtain an IP Address from the DHCP
if DHCP Client is enabled. If not, the switch's IP settings must be configured manually. Please change
the IP Address of the switch to suit your network's requirements.
Web Interface
To configure the IPv6 settings via the Web Interface:
1. Click System, IP and IPv6.
2. Select Auto Configuration if you wish to obtain an IP Address automatically from a DHCP
Server. Alternatively enter your required IP Settings for your network.
3. Click Save to apply your changes, or Reset to change values back to your previous settings.
Fig. 11 IPv6 Address Configuration
Parameter Description
Auto Configuration:
Enable the Auto Configuration by checking the tick box. When selected, the
switch will obtain an IP Address from your DHCP Server. If the switch does
not receive an IP Address the Default IP Address will be used.
Address:
Enter the required static IPv6 address. An IPv6 address is a 128-bit record
represented as eight fields of up to four hexadecimal digits with a colon
separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol
'::' is a special syntax that can be used as a shorthand way of representing
multiple 16-bit groups of contiguous zeros; but it can only appear once. It
can also represent a legally valid IPv4 address. For example, '::192.1.2.34'.
Prefix:
Enter the IPv6 Prefix of this switch. The allowed range is 1 to 128.
Gateway:
Enter the required IPv6 Gateway Address.
1.1.5 Syslog
The APS Series Switches support offloading system messages to a Syslog Server. A Syslog is a standard
for logging program messages. It allows separation of the software that generates messages from the
system that stores them and the software that reports and analyzes them. It is supported by a wide
variety of devices and receivers across multiple platforms.
1.1.5-1 Configuration
This section is used to configure the parameters of the Syslog server the switch will use to offload its
system messages.
Web Interface
To configure the Syslog settings via the Web Interface:
1. Click System, Syslog and Configuration.
2. Enter the Syslog parameters into the spaces provided and select the logging level.
3. Click Apply to save your changes.
Fig. 12 Syslog Configuration
Parameter Description
Server Mode:
Select enable from the dropdown box to enable the Syslog function.
Server Address 1:
Enter the IP Address of the Syslog Server.
Server Address 2:
Enter the IP Address of a second Syslog Server if required.
Syslog Level:
Indicates what messages will be sent to the Syslog server.
1.1.5-2 Log
This section displays the system log stored locally on the switch.
Web Interface
To view the System Logs via the Web Interface:
1. Click System, Syslog and Logs.
Fig. 13 System Logs
Parameter Description
Auto-refresh:
Select the Auto-refresh check box to enable the auto-refresh function. This
enables the screen to refresh automatically.
Level:
Select the level of logging to be displayed on the screen. Options are All,
Emergency, Alert, Critical, Error, Warning, Notice, Info and Debug.
ID:
Click on the ID to view additional information on the event.
Time:
Displays the time the event was logged by the system.
Message:
Displays detailed message of the event that has occurred.
Refresh:
Used to manually refresh the page.
Clear:
Used to clear the log.
Page Arrows:
Used to navigate between pages.
1.1.5-3 Detailed Log
This section is used to display event IDs in more detail.
Web Interface
To view the Detailed System Logs via the Web Interface:
1. Click System, Syslog and Detailed Logs.
2. Enter the Event ID into the ID field to display the event in more detail.
Fig. 13 Detailed System logs
Parameter Description
ID:
Enter the Event ID of the log event you want to view in detail.
Message:
Displays the detailed message of the log event.
Refresh:
Used to manually refresh the page.
Page Arrows:
Used to navigate between pages.
1.1.6 SNMP
The APS Series Switches support SNMP and can be managed by any Network Management System
(NMS). SNMP is a protocol that governs the transfer of information between an SNMP
manager and agent, and traverses the Object Identifiers (OIDs) of the Management Information Base
(MIB), described in the form of SMI syntax. An SNMP agent runs on the switch and, if enabled, will
respond to the requests issued by an SNMP manager.
1.1.6-1 System
This section is used to enable or disable the SNMP Agent in the switch.
Web Interface
To enable or disable SNMP via the Web Interface:
1. Click System, SNMP and System.
2. Select to enable or disable the SNMP function by selecting the relevant radio button.
3. Enter a valid engine ID. This is used for SNMPv3 and should not need to be changed.
4. Click the Apply button to save your changes.
Fig. 14 SNMP Settings
Parameter Description
SNMP State:
Used to enable or disable the SNMP Agent in the switch.
Engine ID:
SNMPv3 Engine ID. Syntax: 0 – 9, a – f, A – F. Minimum 5 octets, maximum
32 octets.
1.1.6-2 Configuration
This section is used to configure the GET and SET community names. In this section you can also
enable or disable the SET community. When the SET community is disabled, the NMS server will not be able to write
configuration parameters to the switch.
Web Interface
To configure the GET and SET community names via the Web Interface:
1. Click System, SNMP and Configuration.
2. Enter the GET and SET community names.
3. Select whether you want to enable or disable the SET function, via the drop down box.
4. Click the Apply button to save your changes.
Fig. 15 SNMP Community Configuration
Parameter Description
Get Community:
Set the community name for the SNMP Get function.
Set Community:
Set the community name for the SNMP Set function.
Enable/Disable:
Used to Enable or Disable the SNMP Set function.
1.1.6-3 Communities
This section is used to configure additional communities. These communities can be used to secure
the SNMP information by allowing only certain users and IP Addresses to be able to access a specific
community. The maximum number of communities that can be created is four.
Web Interface
To configure communities via the Web Interface:
1. Click System, SNMP and Communities.
2. Click add new community.
3. Enter a valid community name, a username, Source IP Address and subnet mask.
4. Click Save to apply your changes.
Fig. 16 SNMP Additional Community Configuration
Parameter Description
Delete:
Select the tick box and click the apply button to delete a community name.
Add New Community: Used to add a new community.
Fig. 17 SNMP Add New Community window
Parameter Description
Delete:
Select the delete button next to the community you would like to delete.
Community:
Enter a valid community name. Valid length is from 1 to 32. The community
string will be treated as a security name and mapped to an SNMPv1 or SNMPv2c
community string.
Username:
The Username string is used to permit access to the SNMP agent. The length
of the Username can be from 1 to 32 characters.
Source IP:
Indicates what IP Addresses are able to communicate with the SNMP agent.
The subnet mask can be used to allow access to entire subnets or individual
IP Addresses.
Source Mask:
Enter the required subnet mask based on the source IP Address.
1.1.6-4 Users
SNMPv3 brings some important and much needed authentication and encryption options to the
SNMP protocol. This section is used to configure SNMPv3 users.
Web Interface
To configure SNMP Users via the Web Interface:
1. Click System, SNMP and Users.
2. Click on Add New User to configure a new user. Enter the required user details.
3. Click Save to apply your changes.
Fig. 18 SNMPv3 Users
Parameter Description
Delete:
Select the tick box and click the apply button to delete a User.
Add New User:
Used to add a new user.
Fig. 19 adding a new SNMPv3 User
Parameter Description
Delete:
Select the delete button next to the community you would like to delete.
Username:
Enter a username to identify the user. Allowed length is 1 to 32 characters.
Security Level:
Indicates the security model set for the user. Possible security options:
NoAuth, NoPriv: No Authentication and No Privacy
Auth, NoPriv: Authentication and No Privacy
Auth, Priv: Authentication and Privacy
Once the security level for a user has been set it cannot be changed. If you
need to modify the security level you will need to delete and re-create the
user.
Authentication Protocol: Indicates the Authentication protocol used for the user. Options are:
None: No Authentication Protocol
MD5: Select to use the MD5 Authentication Protocol
SHA: Select to use the SHA Authentication Protocol
Once the Authentication Protocol has been set for a user it cannot be
changed. If you need to modify the Authentication Protocol you will need to
delete and re-create the user.
Authentication Password: The password used for both the MD5 and SHA Authentication Protocols.
The MD5 protocol allows a password length of 8 to 32 characters and the
SHA protocol allows a password length of 8 to 40 characters.
Privacy Protocol:
Indicates the Privacy protocol used for the user. Options are:
None: No privacy protocol used.
DES: Select to use the DES encryption method
Once the Privacy Protocol has been set for a user it cannot be changed. If
you need to modify the Privacy Protocol you will need to delete and re-create the user.
Privacy Password:
The password used for the DES Privacy Protocol. The allowed password
length is 8 to 32 characters.
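An added example (not from the Alloy manual or the switch firmware): an audit of settings transcribed from the Communities and Users pages, reporting community entries whose Source IP and Source Mask admit too many addresses and SNMPv3 users configured below Auth, Priv. The dictionary keys, the sample values and the 256-address threshold are constructed for illustration, and the masked comparison in `admits` is an assumption about how the agent applies Source Mask.

```python
import ipaddress

# Constructed sample values, as an administrator might transcribe them from the
# Communities and Users pages. The dictionary keys are hypothetical.
COMMUNITIES = [
    {"community": "public", "username": "nms-ro",
     "source_ip": "0.0.0.0", "source_mask": "0.0.0.0"},
    {"community": "c7Qm-ops", "username": "nms-rw",
     "source_ip": "192.0.2.10", "source_mask": "255.255.255.255"},
    {"community": "lab", "username": "lab",
     "source_ip": "198.51.100.77", "source_mask": "255.255.255.0"},
]
USERS = [
    {"username": "monitor", "security_level": "NoAuth, NoPriv", "auth": "None", "priv": "None"},
    {"username": "backup", "security_level": "Auth, NoPriv", "auth": "MD5", "priv": "None"},
    {"username": "nms", "security_level": "Auth, Priv", "auth": "SHA", "priv": "DES"},
]

# Community strings that are common factory defaults on SNMP devices.
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def to_int(dotted):
    """Convert a dotted-decimal IPv4 address or mask to an integer."""
    return int(ipaddress.IPv4Address(dotted))


def admits(source_ip, source_mask, client_ip):
    """True if client_ip falls inside Source IP / Source Mask.

    Assumption: the agent compares only the bits selected by the mask.
    """
    mask = to_int(source_mask)
    return (to_int(client_ip) & mask) == (to_int(source_ip) & mask)


def admitted_count(source_mask):
    """Number of IPv4 addresses a mask lets through (2 ** number of zero bits)."""
    return 2 ** (32 - bin(to_int(source_mask)).count("1"))


def audit(communities, users, max_hosts=256):
    """Return (subject, problem) pairs for entries that deserve a second look."""
    findings = []
    for c in communities:
        name = c["community"]
        if name.lower() in WELL_KNOWN_COMMUNITIES:
            findings.append((name, "well-known community string"))
        hosts = admitted_count(c["source_mask"])
        if hosts == 2 ** 32:
            findings.append((name, "any source address is admitted"))
        elif hosts > max_hosts:
            findings.append((name, f"{hosts} source addresses admitted"))
    for u in users:
        name = u["username"]
        if u["security_level"] != "Auth, Priv":
            findings.append((name, f"security level is {u['security_level']}"))
        if u["auth"] == "MD5":
            findings.append((name, "MD5 authentication selected; SHA is available"))
    return findings


if __name__ == "__main__":
    for subject, problem in audit(COMMUNITIES, USERS):
        print(f"{subject}: {problem}")
```

Because the security level and protocols cannot be changed after a user is created, a user reported here has to be deleted and re-created with the stronger settings.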
1.1.6-5 Groups
This section is used to configure SNMPv3 groups.
Web Interface
To configure SNMP Groups via the Web Interface:
1. Click System, SNMP and Groups.
2. Click on Add New Group to configure a new Group. Enter the required group details.
3. Click Save to apply your changes.
Fig. 12 SNMPv3 Group
Parameter Description
Delete:
Select the tick box and click the apply button to delete a Group.
Add New Group:
Used to add a new group.
Fig. 13 Add a new SNMPv3 Group
Parameter Description
Delete:
Select the delete button next to the group you would like to delete.
Security Model:
Select the required security model that the group will belong to. Options
are:
v1: Reserved for SNMPv1 and will be available once a SNMPv1 community
has been created in the communities section.
v2c: Reserved for SNMPv2c and will be available once a SNMPv2c
community has been created in the communities section.
USM: Reserved for User-based Security and will be available once a user has
been created in the Users section.
Security Name:
The security name can be selected from any of the SNMP communities that
you have created under the communities section.
Group Name:
Enter a group name to identify the group you are creating. Allowed length of
1 to 32 characters.
1.1.6-6 Views
This section is used to configure SNMPv3 views.
Web Interface
To configure SNMP Views via the Web Interface:
1. Click System, SNMP and Views.
2. Click on Add New View to configure a new View. Enter the required view details.
3. Click Save to apply your changes.
Fig. 14 SNMPv3 View
Parameter Description
Delete:
Select the tick box and click the apply button to delete a View.
Add New View:
Used to add a new view.
Fig. 15 Add a new SNMPv3 View
Parameter Description
Delete:
Select the delete button next to the view you would like to delete.
View Name:
Enter a view name to identify the view you are creating. Allowed length of 1
to 32 characters.
View Type:
Select the view type from the options below:
Included: Used to allow a particular OID subtree to be displayed in the view.
Excluded: Used to block a particular OID subtree from being displayed.
If you exclude an OID from a view, you can still allow other OIDs to be viewed by
adding Included views.
OID Subtree:
The OID defining the root of the subtree. The allowed OID length is from 1 to
128. Wildcards (*) can also be used in the OID subtree.
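An added example (not from the Alloy manual or the switch firmware): how Included and Excluded rows combine to decide whether one OID is visible, which lets a view be checked on paper before it is bound to a group. It assumes the agent follows the RFC 3415 (VACM) rule that the longest matching subtree decides; resolving equal-length ties in favour of Excluded is a conservative choice of this example, and the sample view is constructed.

```python
# Constructed sample view: (View Type, OID Subtree) rows as entered on the Views page.
VIEW = [
    ("Included", "1.3.6.1"),                # everything under internet
    ("Excluded", "1.3.6.1.6.3.15"),         # SNMP-USER-BASED-SM-MIB (SNMPv3 users)
    ("Excluded", "1.3.6.1.6.3.16"),         # SNMP-VIEW-BASED-ACM-MIB (access tables)
    ("Included", "1.3.6.1.6.3.15.1.1"),     # usmStats counters put back in
    ("Excluded", "1.3.6.1.2.1.2.2.1.*.3"),  # every ifTable column for ifIndex 3
]

# Tables that a read view normally should not reveal (standard MIB OIDs).
SENSITIVE = {
    "usmUserTable": "1.3.6.1.6.3.15.1.2.2",
    "vacmAccessTable": "1.3.6.1.6.3.16.1.4",
}


def parse_oid(text):
    """Split a dotted OID into a tuple; '*' stays as a wildcard marker."""
    parts = text.strip().strip(".").split(".")
    return tuple(p if p == "*" else int(p) for p in parts)


def subtree_covers(subtree, oid):
    """True if oid lies at or below subtree ('*' matches any one sub-identifier)."""
    if len(oid) < len(subtree):
        return False
    return all(s == "*" or s == o for s, o in zip(subtree, oid))


def in_view(view, oid_text):
    """Decide visibility of one concrete OID under the longest-match rule."""
    oid = parse_oid(oid_text)
    if "*" in oid:
        raise ValueError("the OID being tested must not contain wildcards")
    best_len, best_type = -1, None
    for view_type, subtree_text in view:
        subtree = parse_oid(subtree_text)
        if not subtree_covers(subtree, oid):
            continue
        longer = len(subtree) > best_len
        # Assumption of this example: on equal length, Excluded wins.
        tie_excluded = len(subtree) == best_len and view_type == "Excluded"
        if longer or tie_excluded:
            best_len, best_type = len(subtree), view_type
    # No matching row at all means the OID is outside the view.
    return best_type == "Included"


def exposed(view):
    """Names of sensitive tables whose root OID is visible in the view.

    Only the table root is tested; a deeper Included row could still
    re-expose part of a table and needs its own check.
    """
    return sorted(name for name, oid in SENSITIVE.items() if in_view(view, oid))


if __name__ == "__main__":
    for probe in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.6.3.15.1.2.2.1.3",
                  "1.3.6.1.2.1.2.2.1.10.3"):
        print(probe, "visible" if in_view(VIEW, probe) else "hidden")
    print("exposed by a single Included 1.3.6.1 row:", exposed([("Included", "1.3.6.1")]))
```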
1.1.6-7 Access
This section is used to configure SNMPv3 access lists.
Web Interface
To configure SNMP Access lists via the Web Interface:
1. Click System, SNMP and Access.
2. Click Add new Access.
3. Specify the SNMP Access parameters.
4. Click Save to apply your changes.
Fig. 16 SNMPv3 Access
Parameter Description
Delete:
Select the tick box and click the apply button to delete an Access rule.
Add New Access:
Used to add a new Access rule.
Fig. 17 Add a new SNMPv3 Access Rule
Parameter Description
Delete:
Select the delete button next to the Access Rule you would like to delete.
Group Name:
Select the Group name from the drop down box. Please ensure you have
created a group from the Group section. (See section 1.1.6-5)
Security Model:
Select the required security model that the group will belong to. Options
are:
v1: Reserved for SNMPv1 and will be available once a SNMPv1 community
has been created in the communities section.
v2c: Reserved for SNMPv2c and will be available once a SNMPv2c
community has been created in the communities section.
USM: Reserved for User-based Security and will be available once a user has
been created in the Users section.
Security Level:
Indicates the security model set for the user. Possible security options:
NoAuth, NoPriv: No Authentication and No Privacy
Auth, NoPriv: Authentication and No Privacy
Auth, Priv: Authentication and Privacy
Once the security level for a user has been set it cannot be changed. If you
need to modify the security level you will need to delete and re-create the
user.
Read View Name:
The name of the MIB view defining the MIB objects for which this request
may request the current values. The allowed string length is 1 to 32.
Write View Name:
The name of the MIB view defining the MIB objects for which this
request may potentially set new values. The allowed string length is
1 to 32.
1.1.6-8 Trap
This section is used to create SNMP traps.
Web Interface
To configure SNMP Traps via the Web Interface:
1. Click System, SNMP and Trap.
2. Select an SNMP Trap number and click the number to add the trap information. Up to 6
traps can be configured.
3. If you have any Trap entries that you would like to delete, click on the delete button next to
the Trap that you would like to delete.
4. Click the Save button to apply changes.
Fig. 18 SNMP Traps
Parameter Description
Delete:
Click the delete button to delete an existing Trap.
No:
This identifies the Trap number, click on the Trap number to create a new
SNMP Trap. Up to 6 Traps can be created.
Fig. 19 Add a new SNMP Trap
Parameter Description
Trap Version:
Select the required Trap Version SNMP v1, v2c or v3 trap.
Server IP:
Enter the IP Address of the server that will receive the SNMP Traps.
UDP Port:
Enter the UDP port used for sending the SNMP Traps, default is 162.
Community/Security:
Enter the Community/Security name, this value can be 1 to 32 characters in
length.
Security Level:
Select the type of information you want sent in the SNMP Trap. Options are
Emergency, Alert, Critical, Error, Warning, Notice, Info and Debug.
Security Level:
Set the required security level. Possible security options:
NoAuth, NoPriv: No Authentication and No Privacy
Auth, NoPriv: Authentication and No Privacy
Auth, Priv: Authentication and Privacy
Authentication Protocol: Indicates the Authentication protocol used for the Trap. Options are:
MD5: Select to use the MD5 Authentication Protocol
SHA: Select to use the SHA Authentication Protocol
Authentication Password: The password used for both the MD5 and SHA Authentication Protocols.
The MD5 protocol allows a password length of 8 to 32 characters and the
SHA protocol allows a password length of 8 to 40 characters.
Privacy Protocol:
Indicates the Privacy protocol used for the user. Options are:
DES: Select to use the DES encryption method
Privacy Password:
The password used for the DES Privacy Protocol. The allowed password
length is 8 to 32 characters.
1.2 Configuration
This chapter describes the network configuration options available in the APS Series of switches. All
Layer 2 features such as VLANs, Port Trunking, IGMP, ACLs and QoS can be configured in this section.
1.2.1 Port
The Port section is used to configure specific port parameters and view statistics related to individual
ports.
1.2.1-1 Configuration
Use this section to configure parameters for each of the ports. You can force the speed of a port, set
the maximum frame size, set frame collision parameters and also configure the power saving
options for each of the ports.
Web Interface
To configure the ports of the switch via the Web Interface:
1. Click Configuration, Port and Configuration.
2. Configure the parameters needed for your network.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 20 Port Configuration
Parameter Description
Port:
The logical port number for the switch.
Link:
The current link state of the port is shown. Green indicates link is active, Red
indicates the link is down.
Speed-Current:
Displays the current port link speed.
Speed-Configured:
Here you can force the speed of a port. Forcing the speed of a port is not
recommended and should only be done if you are having linking issues when
connecting to a particular device. Speed options available are:
10Gb FDX – 10GbE Full Duplex (APS-24T4S4SFP and APS-48T4S4SFP only)
1Gb FDX – 1GB Full Duplex
100Mbps FDX – 100Mbps Full Duplex
100Mbps HDX – 100Mbps Half Duplex
10Mbps FDX – 10Mbps Full Duplex
10Mbps HDX – 10Mbps Half Duplex
Auto – Auto Negotiation
10G-X_APS – 10Gbps (APS-24T4S4SFP and 48T4S4SFP SFP+ ports only)
100FX_APS – 100Mbps (Paired UTP/SFP Ports Only)
1000-X_APS – 1000Mbps (Paired UTP/SFP Ports Only)
100Mbps FDX – 100Mbps Full Duplex(SFP Ports Only)
1Gbps FDX – 1000Mbps Full Duplex(SFP Ports Only)
SFP_Auto_APS - Auto Negotiation ( Paired UTP/SFP Ports Only)
Flow Control:
When Auto Speed is selected on a port, this section indicates the flow
control capability that is advertised to the link partner. When a fixed-speed
setting is selected, that is what is used. The Current Rx column indicates
whether pause frames on the port are obeyed, and the Current Tx column
indicates whether pause frames on the port are transmitted. The Rx and Tx
settings are determined by the result of the last Auto-Negotiation.
Check the configured column to use flow control. This setting is related to
the setting for Configured Link Speed.
Maximum Frame Size: Enter the maximum frame size allowed for each switch port. Valid ranges
are from 1518 to 9600 bytes.
Excessive Collision Mode: Used to set the port's response to excessive collisions on the port.
Discard: Discard frames after 16 collisions (Default)
Restart: Restart backoff algorithm after 16 collisions
Power Control:
Used to configure the power savings features of each port.
Disabled: All power saving mechanisms are disabled
ActiPHY: Link down power savings enabled. Power saving occurs if no active
link.
PerfectReach: Link up power savings enabled. Reduced power used by the
port depending on the length of the cable.
Enabled: Both Link up and Link Down power saving mechanisms enabled.
NOTE:
At the top of the column there is an *. The * is a global
setting and a way of changing the settings for every port
simultaneously.
1.2.1-2 Port Description
Use this section to help identify what devices are connected to each port of your switch. Each Port
can have a description assigned to it.
Web Interface
To add a description to the ports of the switch via the Web Interface:
1. Click Configuration, Port and Description.
2. Enter the description for the required ports.
3. Click Apply to save changes or Reset to return to previous values.
Fig. 21 Port Descriptions
Parameter Description
Port:
The logical port number for the switch.
Description:
Enter a description of each of the ports. Descriptions cannot include “, #, %,
&, ‘, +, \
1.2.1-3 Traffic Overview
Use this section to view basic traffic statistics for each of the switch ports.
Web Interface
To view the port statistics via the Web Interface:
1. Click Configuration, Port and Traffic Overview.
2. Click on an individual port number to show the detailed statistics for that port.
3. If you would like the page to auto-refresh the port statistics, check the Auto-Refresh tick box
at the top of the page, or alternatively hit the refresh button to refresh the page manually.
4. To clear the current statistics, use the Clear button at the top of the page.
Fig. 22 Port Statistics
Parameter Description
Port:
Click on the port number to view the detailed statistics.
Packets:
The number of transmitted and received packets per port.
Bytes:
The number of transmitted and received Bytes per port.
Errors:
The number of transmitted and received errors per port.
Drops:
The number of frames discarded due to ingress or egress congestion.
Filtered:
The number of filtered frames received by the switch.
Auto-Refresh:
To enable auto-refreshing of the statistics on the screen, tick this tick box.
Refresh:
Used to manually refresh the statistics.
Clear:
Used to clear the current statistical data.
1.2.1-4 Detailed Statistics
This section displays in-depth details of the traffic being transmitted and received by the switch. If
you are having problems on your network, this page can be useful for diagnosing packet errors being
received or transmitted by the switch.
Web Interface
To view the detailed port statistics via the Web Interface:
1. Click Configuration, Port and Detailed Statistics.
2. Select the Port you would like to view from the drop down box near the top of the page.
3. If you would like the page to auto-refresh the port statistics, check the Auto-Refresh tick box
at the top of the page, or alternatively hit the refresh button to refresh the page manually.
4. To clear the current statistics, use the Clear button at the top of the page.
Fig. 23 Detailed Port Statistics
Parameter Description
Port:
Select the port you wish to view the statistics for from the drop down box at
the top of the page.
Auto-Refresh:
To enable auto-refreshing of the statistics on the screen, tick this tick box.
Refresh:
Used to manually refresh the statistics.
Clear:
Used to clear the current statistical data.
Receive Total:
The total number of received Rx traffic including good and bad packets.
Types of traffic displayed are Rx Packets, Rx Octets, Rx Unicast, Rx Multicast,
Rx Broadcast and Rx Pause packets.
Transmit Total:
The total number of transmitted Tx traffic including good and bad packets.
Types of traffic displayed are Tx Packets, Tx Octets, Tx Unicast, Tx Multicast,
Tx Broadcast and Tx Pause packets.
Receive Size Counters: The total number of received packets categorised based on the size in Bytes
of the packets received. Sizes displayed are Rx 64 Bytes, Rx 65-127 Bytes, Rx
128-255 Bytes, Rx 256-511 Bytes, Rx 512-1023 Bytes, Rx 1024-1526 Bytes
and Rx 1527+ Bytes.
Transmit Size Counters: The total number of transmitted packets categorised based on the size in
Bytes of the packets transmitted. Sizes displayed are TX 64 Bytes, TX 65-127
Bytes, Tx 128-255 Bytes, Tx 256-511 Bytes, Tx 512-1023 Bytes, Tx 1024-1526
Bytes and Tx 1527+ Bytes.
Receive Queue Counters: The total number of packets received by the port based upon the QoS
Queues. Queues displayed are from RX Q0 through to RX Q7.
Transmit Queue Counters: The total number of packets transmitted by the port based upon the QoS
Queues. Queues displayed are from Tx Q0 through to Tx Q7.
Receive Error Counters: The total number of errors received by the port. Error types displayed are Rx
Drops, Rx CRC/Alignment, Rx Undersize, Rx Oversize, Rx Fragments and Rx
Jabber, Rx Filtered.
Transmit Error Counters: The total number of errors transmitted by the port. Error types displayed
are Tx Drops and Tx Late/Excessive Collisions.
1.2.1-5 QoS Statistics
This section displays the QoS Queuing details for each of the ports. Click on an individual port
to show its detailed statistics.
Web Interface
To view the detailed QoS statistics via the Web Interface:
1. Click Configuration, Port and QoS Statistics.
2. Click on an individual port number to show the detailed statistics for that port.
3. If you would like the page to auto-refresh the QoS statistics, check the Auto-Refresh tick box
at the top of the page, or alternatively hit the refresh button to refresh the page manually.
4. To clear the current statistics, use the Clear button at the top of the page.
Fig. 24 QoS Statistics
Parameter Description
Port:
Click on the port number to view the detailed statistics.
Q0-Q7 RX/TX:
The number of transmitted and received packets for Q0 to Q7 per port.
Auto-Refresh:
To enable auto-refreshing of the statistics on the screen, tick this tick box.
Refresh:
Used to manually refresh the statistics.
Clear:
Used to clear the current statistical data.
1.2.1-6 SFP Information
This section displays the detailed information regarding the SFP module(s) installed in the switch.
Web Interface
To view the detailed SFP Information via the Web Interface:
1. Click Configuration, Port and SFP Information.
2. Select the port you want to view.
3. If you would like the page to auto-refresh the SFP Information, check the Auto-Refresh tick
box at the top of the page, or alternatively hit the refresh button to refresh the page
manually.
Fig. 25 SFP information
Parameter Description
Connector Type:
Displays the connector type of the SFP module, normally this would be UTP,
LC or SC.
Fibre Type:
Displays the fibre type, multimode or single mode.
Tx Central Wavelength: Displays the optical fibre wavelength, normally 850nm, 1310nm or 1550nm.
Baud Rate:
Displays the speed of the SFP module, 100Mbps, 1000Mbps, 10Gb.
Vendor OUI:
OUI number of the vendor's SFP module.
Vendor Name:
Vendor’s name of the SFP Module.
Vendor P/N:
The part number of the vendor's SFP module.
Vendor Revision:
The revision number of the vendor's SFP module.
Vendor Serial Number: The serial number of the SFP module.
Date Code:
Date the SFP module was manufactured.
Temperature:
Shows the current temperature of the SFP module.
Vcc:
Shows the current DC voltage being used by the SFP module.
Mon1 (Bias):
Shows the Bias current of the SFP module in mA.
Mon2 (TX PWR):
Shows the transmit power of the SFP module.
Mon3 (RX PWR):
Shows the receive sensitivity of the SFP module.
1.2.1-7 EEE
EEE is a power saving option that reduces the power usage when there is very low traffic utilization
(or no traffic).
EEE works by powering down circuits when there is no traffic. When a port has data to be
transmitted all circuits are powered up. The time it takes to power up the circuits is called the
wakeup time. The default wakeup time is 17 µs for 1Gbit links and 30 µs for other link speeds. EEE
devices must agree upon the value of the wakeup time in order to make sure that both the receiving
and transmitting devices have all circuits powered up when traffic is transmitted. Each device can
exchange information about the device's individual wakeup time using the LLDP protocol.
To maximize the power saving, the circuit isn't started as soon as data is ready for a port; the data is
instead queued until 3000 bytes of data are ready to be transmitted. To eliminate large delays in
cases where the data is less than 3000 bytes, data will always be transmitted after 48 µs, giving a
maximum latency of 48 µs + the wakeup time.
If desired it is possible to minimize the latency for specific frames, by mapping the frames to a
specific queue (done with QOS), and then mark the queue as an urgent queue. When an urgent
queue gets data to be transmitted, the circuits will be powered up at once and the latency will be
reduced to the wakeup time only.
Web Interface
To configure the EEE Power Saving options via the Web Interface:
1. Click Configuration, Port and EEE.
2. To enable the EEE function for a port tick the box next to the corresponding port.
3. Select the desired EEE Urgent Queue values for each port.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 26 EEE Configuration
Parameter Description
Port:
Physical port of the switch.
EEE Enabled:
Used to enable or disable EEE for each port.
EEE Urgent Queues:
Queues set will activate transmission of data as soon as it is available. If no
queue is set then transmission of data will only occur once 3000 bytes are
ready to be transmitted. Queues 1 to 8 are mapped to QoS Queues 0 to 7.
E.g. EEE Urgent Queue 1 uses QoS Queue 0.
1.2.2 ACL
The access control list (ACL) on the APS Series switches is probably the most commonly used object in the
IOS. It is used for packet filtering but also for selecting types of traffic to be analyzed, forwarded, or
influenced in some way. The ACLs are divided into EtherTypes, IPv4, ARP protocol, MAC and VLAN
parameters etc. Here we will just go over the standard and extended access lists for TCP/IP. As you
create ACEs for ingress classification, you can assign a policy for each port; the policy number ranges
from 1 to 8. However, each policy can be applied to any port. This makes it very easy to determine what
type of ACL policy you will be working with.
1.2.2-1 Ports
This section describes how to configure the ACL parameters (ACE) of each switch port. These
parameters will affect frames received on a port unless the frame matches a specific ACE rule.
Web Interface
To configure the ACL Ports Configuration via the Web Interface:
1. Click Configuration, ACL and Ports.
2. Configure the required ACL settings for each of the ports.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 27 Port ACL Configuration
Parameter Description
Port:
Physical port of the switch.
Policy ID:
Select the Policy to apply to this port. The allowed values are 1 through 8.
The default value is 1.
Action:
Select whether forwarding is permitted (Permit) or denied (Deny).
The default value is Permit.
Rate Limiter ID:
Select which rate limiter to apply on this port. The allowed values are
Disabled or the values 1 through 16.
The default value is Disabled.
Port Redirect:
Select the port to which frames are copied. The allowed values are Disabled or a
specific port number.
The default value is Disabled.
Mirror:
Specify the mirror operation of this port. The allowed values are:
Enabled: Frames received on the port are mirrored.
Disabled: Frames received on the port are not mirrored.
The default value is "Disabled".
Logging:
Specify the logging operation of this port. The allowed values are:
Enabled: Frames received on the port are stored in the System Log.
Disabled: Frames received on the port are not logged.
The default value is Disabled.
Please note that the System Log memory size and logging rate are limited.
Shutdown:
Specify the port shut down operation of this port. The allowed values are:
Enabled: If a frame is received on the port, the port will be disabled.
Disabled: Port shut down is disabled.
The default value is Disabled.
State:
Used to enable or disable the selected port. The allowed values are:
Enabled: Enables the port and allows packets to be sent and received.
Disabled: Disables the port.
The default value is Enabled.
Counter:
Displays the number of frames that match this ACE.
Refresh Button:
Used to refresh the values displayed in the counter section.
Clear Button:
Used to clear the counters.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply:
Used to save the settings configured on this page.
1.2.2-2 Rate Limiters
This section describes how to configure the ACL Rate Limiting Parameters. Up to 16 different rate
limits can be set and applied to individual ports. Rate Limits can be set in either pps (Packets Per
Second) or Kbps (Kilo Bits Per Second). Only 1 rate limit can be applied to each port.
Web Interface
To configure the ACL Rate Limiters via the Web Interface:
1. Click Configuration, ACL and Rate Limiters.
2. Configure up to 16 Rate Limiters, using either pps or Kbps.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 28 Rate Limiter Configuration
Parameter Description
Rate Limiter ID:
The Rate Limiter ID, from 1 through to 16.
Rate:
Enter the required rate that you want to limit traffic flow to. If you are using
Kbps, rates must be set in increments of 100.
Unit:
Select to limit traffic in units of either pps (Packets Per Second) or Kbps (Kilo
Bits Per Second).
Reset Button:
Used to reset unsaved changes to original configuration.
Apply:
Used to save the settings configured on this page.
1.2.2-3 Access Control List
This section describes how to configure Access Control List rules. An Access Control List (ACL) is a
sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other
more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one.
A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a
deny rule. If no rules match, the frame is accepted. Other actions can also be invoked when a
matching packet is found, including rate limiting, mirroring, redirecting matching packets to another
port or to the system log, or shutting down a port.
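The first-match evaluation described above can be modelled as follows. This is an added example, not code from the manual or the switch firmware; the class, function and ACE names and all addresses are constructed assumptions, and only a subset of the ACE fields (ingress port, frame type, SIP/DIP filter, IP protocol, destination port, TCP SYN/ACK) is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Frame:
    """Constructed stand-in for the header fields an ACE can test."""
    port: int                 # ingress port
    frame_type: str           # "IPv4", "ARP" or "EType"
    sip: str = ""
    dip: str = ""
    proto: str = ""           # "TCP", "UDP" or "ICMP"
    dport: int = 0
    syn: int = 0
    ack: int = 0


@dataclass
class Ace:
    """One access control entry; None always stands for the page's "Any"."""
    name: str
    action: str                               # "Permit" or "Deny"
    ingress_port: Optional[int] = None
    frame_type: str = "Any"
    sip: Optional[str] = None                 # Host "10.10.0.5" or Network "10.10.0.0/24"
    dip: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[Tuple[int, int]] = None   # Specific (n, n) or Range (lo, hi)
    tcp_syn: Optional[int] = None             # 1 = must be set, 0 = must be clear
    tcp_ack: Optional[int] = None
    hits: int = 0                             # the Counter column


def _ip_ok(rule: Optional[str], addr: str) -> bool:
    return rule is None or ipaddress.ip_address(addr) in ipaddress.ip_network(rule, strict=False)


def _flag_ok(rule: Optional[int], value: int) -> bool:
    return rule is None or rule == value


def ace_matches(ace: Ace, f: Frame) -> bool:
    if ace.ingress_port is not None and ace.ingress_port != f.port:
        return False
    if ace.frame_type == "Any":
        return True
    if ace.frame_type != f.frame_type:
        return False
    if ace.frame_type != "IPv4":
        return True
    if not (_ip_ok(ace.sip, f.sip) and _ip_ok(ace.dip, f.dip)):
        return False
    if ace.proto is None:
        return True
    if ace.proto != f.proto:
        return False
    if ace.proto in ("TCP", "UDP") and ace.dport is not None:
        if not ace.dport[0] <= f.dport <= ace.dport[1]:
            return False
    if ace.proto == "TCP":
        return _flag_ok(ace.tcp_syn, f.syn) and _flag_ok(ace.tcp_ack, f.ack)
    return True


def evaluate(acl: List[Ace], f: Frame) -> Tuple[str, Optional[str]]:
    """Return (action, name of the deciding ACE); the first matching ACE decides."""
    for ace in acl:
        if ace_matches(ace, f):
            ace.hits += 1
            return ace.action, ace.name
    return "Permit", None     # no ACE matched: the frame is accepted


MGMT = "192.0.2.10"           # constructed management address (documentation range)


def base_acl() -> List[Ace]:
    return [
        Ace("allow-admin-https", "Permit", frame_type="IPv4", sip="10.10.0.0/24",
            dip=MGMT, proto="TCP", dport=(443, 443)),
        Ace("deny-new-tcp-to-mgmt", "Deny", frame_type="IPv4", dip=MGMT,
            proto="TCP", tcp_syn=1, tcp_ack=0),
    ]


def hardened_acl() -> List[Ace]:
    # An explicit catch-all Deny for the management address closes the default-accept gap.
    return base_acl() + [Ace("deny-rest-to-mgmt", "Deny", frame_type="IPv4", dip=MGMT)]


# Constructed sample frames.
ADMIN_SYN = Frame(3, "IPv4", "10.10.0.7", MGMT, "TCP", 443, syn=1)
OTHER_SYN = Frame(9, "IPv4", "10.20.0.9", MGMT, "TCP", 22, syn=1)
OTHER_UDP = Frame(9, "IPv4", "10.20.0.9", MGMT, "UDP", 161)

if __name__ == "__main__":
    for acl_name, build in (("base", base_acl), ("hardened", hardened_acl)):
        acl = build()
        for label, frame in (("admin", ADMIN_SYN), ("other-syn", OTHER_SYN), ("other-udp", OTHER_UDP)):
            print(acl_name, label, evaluate(acl, frame))
```

On the constructed base list the UDP frame to the management address is accepted because no ACE matches it, which is why the hardened list ends with an explicit Deny for that destination. Reversing the order of the two base entries makes the Deny shadow the Permit, so ACE order needs the same review as ACE content.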
This page shows the Access Control List (ACL), which is made up of the ACEs defined on this switch.
Each row describes the ACE that is defined. The maximum number of ACEs is 256 on each switch.
Click on the lowest plus sign to add a new ACE to the list. The reserved ACEs used for internal
protocols cannot be edited or deleted, their order cannot be changed, and these entries have the
highest priority.
Web Interface
To configure the ACL Rules via the Web Interface:
1. Click Configuration, ACL and Access Control List.
2. Click the icon to add a new ACL or use the other ACL modification buttons, to edit or
remove an existing ACL entry.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
When editing an entry on the ACE Configuration page, note that the Items displayed depend on
various selections, such as Frame Type and IP Protocol Type. Specify the relevant criteria to be
matched for this rule, and set the actions to take when a rule is matched (such as Rate Limiter,
Port Redirection, Logging, and Shutdown).
Fig. 29 Access Control List Rules
Fig. 30 Adding a new Access Control List Rule
Parameter Description
Ingress Port:
Indicates the ingress port of the ACE. Possible values are:
Any: The ACE will match any ingress port.
Policy: The ACE will match ingress ports with a specific policy (Policy must be
created in the Ports Section before it will appear in the list).
Port: The ACE will match a specific ingress port.
Policy / Bitmask:
Indicates the Policy or Bitmask that the filter will match.
Frame Type:
Indicates the frame type of the ACE. Possible values are:
Any: The ACE will match any frame type.
Ethernet Type: The ACE will match Ethernet Type frames. Note that an
Ethernet Type based ACE will not get matched by IP and ARP frames.
ARP: The ACE will match ARP/RARP frames.
IPv4: The ACE will match all IPv4 frames.
Action:
Indicates the forwarding action of the ACE.
Permit: Frames matching the ACE may be forwarded and learned.
Deny: Frames matching the ACE are dropped.
Rate Limiter:
Indicates the rate limiter number of the ACE. The allowed range is 1 to 16.
When Disabled is displayed, the rate limiter operation is disabled.
Port Copy:
Indicates the port copy operation of the ACE. Frames matching the ACE are
copied to the port number. The allowed values are Disabled or a specific
port number. When Disabled is displayed, the port copy operation is
disabled.
Mirror:
Specify the mirror operation of this port. The allowed values are:
Enabled: Frames received on the port are mirrored.
Disabled: Frames received on the port are not mirrored.
The default value is "Disabled".
Logging:
Indicates the logging operation of the ACE. Possible values are:
Enabled: Frames matching the ACE are stored in the System Log.
Disabled: Frames matching the ACE are not logged.
Please note that the System Log memory size and logging rate are limited.
Shutdown:
Indicates the port shut down operation of the ACE. Possible values are:
Enabled: If a frame matches the ACE, the ingress port will be disabled.
Disabled: Port shut down is disabled for the ACE.
Counter:
The counter indicates the number of times the ACE was hit by a frame.
Modification Buttons:
You can modify each ACE (Access Control Entry) in the table using the
following buttons:
Inserts a new ACE before the current row.
Edits the ACE row.
Moves the ACE up the list.
Moves the ACE down the list.
Deletes the ACE.
The lowest plus sign adds a new entry at the bottom of the ACE
listings.
Refresh Button:
Used to refresh the values displayed in the ACL section.
Clear Button:
Used to clear the selected ACL entry.
Remove All:
Used to remove all entries from the ACL list.
Ingress Port, Policy Filter and Frame Type
Ingress Port:
Indicates the ingress port of the ACE. Possible values are:
All: The ACE will match all ingress ports.
Port: The ACE will match a specific ingress port.
Policy Filter:
Specify the policy number filter for this ACE.
Any: No policy filter is specified. (Policy filter status is "don't-care".)
Specific: If you want to filter a specific policy with this ACE, choose this
value. Two fields for entering a policy value and bitmask will appear, enter
the specific policy ID and bitmask.
(Policy must be created in the Ports Section before it will appear in the list)
Frame Type:
Indicates the frame type of the ACE. Possible values are:
Any: The ACE will match any frame type.
Ethernet type: Only Ethernet Type frames can match this ACE. The IEEE
802.3 describes the value of Length/Type Field specifications to be greater
than or equal to 1536 decimal (equal to 0600 hexadecimal).
ARP: Only ARP frames can match this ACE. Notice the ARP frames won't
match the ACE with Ethernet type.
IPv4: Only IPv4 frames can match this ACE. Notice the IPv4 frames won't
match the ACE with Ethernet type.
Filter Criteria based on Selected Frame Type
Ethernet – Mac Parameters
SMAC Filter:
The type of source MAC address. Options: Any, Specific
Default: Any
DMAC Filter:
The type of destination MAC address. Options: Any, MC - multicast, BC - broadcast, UC - unicast, Specific
Default: Any
Ethernet – EtherType Filter Parameters
EtherType Filter:
This option can only be used to filter Ethernet II formatted packets. Options:
Any, Specific (600-ffff hex)
Default: Any
A detailed listing of Ethernet protocol types can be found in RFC1060. A few
of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
ARP – Mac Parameters
SMAC Filter:
The type of source MAC address. Options: Any, Specific
Default: Any
DMAC Filter:
The type of destination MAC address. Options: Any, MC - multicast, BC - broadcast, UC - unicast, Specific
Default: Any
ARP – ARP Parameters
SMAC Filter:
The type of source MAC address. Options: Any, Specific
Default: Any
ARP/RARP:
Specifies the type of ARP packet.
Any: no ARP/RARP opcode flag is specified.
ARP: frame must have ARP/RARP opcode set to ARP
RARP: frame must have ARP/RARP opcode set to RARP.
Other: frame has unknown ARP/RARP opcode flag.
Default: Any
Request/Reply:
Specifies whether the packet is an ARP request, reply, or either type.
Any: no ARP/RARP opcode flag is specified.
Request: frame must have ARP Request or RARP Request opcode flag set.
Reply: frame must have ARP Reply or RARP Reply opcode flag.
Default: Any
Sender IP Filter:
Specifies the sender's IP address.
Any: no sender IP filter is specified
Host: specifies the sender IP address in the SIP Address field.
Network: specifies the sender IP address and sender IP mask in the SIP
Address and SIP Mask fields.
Default: Any
Target IP Filter:
Specifies the destination IP address.
Any: no target IP filter is specified
Host: specifies the target IP address in the Target IP Address field.
Network: specifies the target IP address and target IP mask in the Target IP
Address and Target IP Mask fields
Default: Any
ARP SMAC Match:
Specifies whether frames can be matched according to their sender
hardware address (SHA) field settings.
Any: any value is allowed.
0: ARP frames where SHA is not equal to the SMAC address.
1: ARP frames where SHA is equal to the SMAC address.
Default: Any
RARP DMAC Match:
Specifies whether frames can be matched according to their target
hardware address (THA) field settings.
Any: any value is allowed.
0: RARP frames where THA is not equal to the DMAC address.
1: RARP frames where THA is equal to the DMAC address.
Default: Any
IP/Ethernet Length:
Specifies whether frames can be matched according to their ARP/RARP
hardware address length (HLN) and protocol address length (PLN) settings.
Any: any value is allowed.
0: ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the
(PLN) is equal to IPv4 (0x04) must not match this entry.
1: ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the
(PLN) is equal to IPv4 (0x04) must match this entry.
Default: Any
IP:
Specifies whether frames can be matched according to their ARP/RARP
hardware address space (HRD) settings.
Any: any value is allowed.
0: ARP/RARP frames where the HRD is equal to Ethernet (1) must not match
this entry.
1: ARP/RARP frames where the HRD is equal to Ethernet (1) must match this
entry.
Default: Any
Ethernet:
Specifies whether frames can be matched according to their ARP/RARP
protocol address space (PRO) settings.
Any: any value is allowed.
0: ARP/RARP frames where the PRO is equal to IP (0x800) must not match
this entry.
1: ARP/RARP frames where the PRO is equal to IP (0x800) must match this
entry.
Default: Any
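The ARP match fields listed above (ARP/RARP, Request/Reply, ARP SMAC Match, RARP DMAC Match, IP/Ethernet Length, IP and Ethernet) can be derived from a captured frame as shown here. This is an added example, not code from the manual or the switch firmware; the frames, MAC and IP addresses are constructed, and the function and dictionary key names are assumptions.

```python
import struct

ETH_ARP, ETH_RARP = 0x0806, 0x8035


def build_arp(smac, dmac, sha, spa, tha, tpa, op=2, ethertype=ETH_ARP) -> bytes:
    """Build a constructed Ethernet II + ARP frame (HRD=1, PRO=0x0800, HLN=6, PLN=4)."""
    eth = struct.pack("!6s6sH", dmac, smac, ethertype)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Parse an untagged Ethernet II frame that carries ARP or RARP."""
    if len(frame) < 22:
        raise ValueError("too short for Ethernet header plus fixed ARP header")
    dmac, smac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype not in (ETH_ARP, ETH_RARP):
        raise ValueError("EtherType is not ARP or RARP")
    hrd, pro, hln, pln, op = struct.unpack("!HHBBH", frame[14:22])
    if len(frame) < 22 + 2 * (hln + pln):
        raise ValueError("truncated ARP address fields")
    fields, off = [], 22
    for size in (hln, pln, hln, pln):          # SHA, SPA, THA, TPA in wire order
        fields.append(frame[off:off + size])
        off += size
    sha, spa, tha, tpa = fields
    return dict(dmac=dmac, smac=smac, hrd=hrd, pro=pro, hln=hln, pln=pln,
                op=op, sha=sha, spa=spa, tha=tha, tpa=tpa)


def arp_match_bits(p: dict) -> dict:
    """Compute the values the ARP ACE parameters test, as the page defines them."""
    is_arp, is_rarp = p["op"] in (1, 2), p["op"] in (3, 4)
    return {
        "kind": "ARP" if is_arp else "RARP" if is_rarp else "Other",
        "request_reply": "Request" if p["op"] in (1, 3) else "Reply" if p["op"] in (2, 4) else None,
        # Defined for ARP frames only: does SHA equal the Ethernet source MAC?
        "arp_smac_match": int(p["sha"] == p["smac"]) if is_arp else None,
        # Defined for RARP frames only: does THA equal the Ethernet destination MAC?
        "rarp_dmac_match": int(p["tha"] == p["dmac"]) if is_rarp else None,
        "ip_ethernet_length": int(p["hln"] == 6 and p["pln"] == 4),
        "ip": int(p["hrd"] == 1),               # page label "IP": HRD equals Ethernet (1)
        "ethernet": int(p["pro"] == 0x0800),    # page label "Ethernet": PRO equals IP (0x800)
    }


def ace_matches(criteria: dict, frame: bytes) -> bool:
    """criteria maps a key to the required value; a key left out means "Any"."""
    bits = arp_match_bits(parse_arp(frame))
    return all(bits[key] == want for key, want in criteria.items())


# Constructed addresses and frames.
GW_MAC = bytes.fromhex("020000000001")
HOST_MAC = bytes.fromhex("020000000002")
OTHER_MAC = bytes.fromhex("020000000099")
GW_IP, HOST_IP = bytes([10, 10, 0, 1]), bytes([10, 10, 0, 20])

# ARP reply whose sender hardware address agrees with the Ethernet source.
CONSISTENT = build_arp(GW_MAC, HOST_MAC, GW_MAC, GW_IP, HOST_MAC, HOST_IP)
# ARP reply that names GW_MAC as sender but was sent from OTHER_MAC.
INCONSISTENT = build_arp(OTHER_MAC, HOST_MAC, GW_MAC, GW_IP, HOST_MAC, HOST_IP)
# RARP request whose target hardware address equals the Ethernet destination.
RARP_REQ = build_arp(HOST_MAC, GW_MAC, HOST_MAC, HOST_IP, GW_MAC, GW_IP,
                     op=3, ethertype=ETH_RARP)

# Criteria for an ACE with ARP SMAC Match set to 0 on ARP replies.
SHA_MISMATCH_ACE = {"kind": "ARP", "request_reply": "Reply", "arp_smac_match": 0}

if __name__ == "__main__":
    for label, frame in (("consistent", CONSISTENT), ("inconsistent", INCONSISTENT)):
        print(label, ace_matches(SHA_MISMATCH_ACE, frame))
```

An ACE built from `SHA_MISMATCH_ACE` with Action set to Deny and Logging enabled records ARP replies whose sender hardware address disagrees with the Ethernet source address, within the System Log limits noted on this page.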
IPv4 – MAC Parameters
DMAC Filter:
The type of destination MAC address. Options: Any, MC - multicast, BC - broadcast, UC - unicast, Specific
Default: Any
IPv4 – IP Parameters
IP Protocol Filter:
The type of destination MAC address. Options: Any, MC - multicast, BC - broadcast, UC - unicast, Specific
Default: Any
The following additional fields are displayed when these protocol filters are selected.
ICMP Parameters
ICMP Type Filter:
Specifies the type of ICMP packet to filter for this rule. Options: Any,
Specific: 0-255;
Default: Any
ICMP Code Filter:
Specifies the ICMP code of an ICMP packet to filter for this rule. Options:
Any, Specific (0-255);
Default: Any
UDP Parameters
Source Port Filter:
Specifies the UDP source filter for this rule. Options: Any, Specific (0-65535),
Range (0-65535);
Default: Any
Dest. Port Filter:
Specifies the UDP destination filter for this rule. Options: Any, Specific (0-65535), Range (0-65535);
Default: Any
TCP Parameters
Source Port Filter:
Specifies the TCP source filter for this rule. Options: Any, Specific (0-65535),
Range (0-65535);
Default: Any
Dest. Port Filter:
Specifies the TCP destination filter for this rule. Options: Any, Specific (0-65535), Range (0-65535);
Default: Any
TCP FIN:
Specifies the TCP "No more data from sender" (FIN) value for this rule.
Any: any value is allowed.
0: TCP frames where the FIN field is set must not match this entry.
1: TCP frames where the FIN field is set must match this entry.
Default: Any
TCP SYN:
Specifies the TCP "Synchronize sequence numbers" (SYN) value for this rule.
Any: any value is allowed.
0: TCP frames where the SYN field is set must not match this entry.
1: TCP frames where the SYN field is set must match this entry.
Default: Any
TCP RST:
Specifies the TCP "Reset the connection" (RST) value for this rule.
Any: any value is allowed.
0: TCP frames where the RST field is set must not match this entry.
1: TCP frames where the RST field is set must match this entry.
Default: Any
TCP PSH:
Specifies the TCP "Push Function" (PSH) value for this rule.
Any: any value is allowed.
0: TCP frames where the PSH field is set must not match this entry.
1: TCP frames where the PSH field is set must match this entry.
Default: Any
TCP ACK:
Specifies the TCP "Acknowledgment field significant" (ACK) value for this
rule.
Any: any value is allowed.
0: TCP frames where the ACK field is set must not match this entry.
1: TCP frames where the ACK field is set must match this entry.
Default: Any
TCP URG:
Specifies the TCP "Urgent Pointer field significant" (URG) value for this rule.
Any: any value is allowed.
0: TCP frames where the URG field is set must not match this entry.
1: TCP frames where the URG field is set must match this entry.
Default: Any
IP TTL:
Specifies the time-to-Live settings for this rule.
Any: any value is allowed.
Non-zero: IPv4 frames with a TTL field greater than zero must match this
entry.
Zero: IPv4 frames with a TTL field greater than zero must not match this
entry.
Default: Any
IP Fragment:
Specifies the fragment offset settings for this rule. This involves the settings
for the More Fragments (MF) bit and the Fragment Offset (FRAG OFFSET)
field for an IPv4 frame.
Any: any value is allowed.
Yes: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater
than zero must match this entry.
No: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater
than zero must not match this entry.
Default: Any
IP Option:
Specifies the options flag setting for this rule.
Any: any value is allowed.
Yes: IPv4 frames where the options flag is set must match this entry.
No: IPv4 frames where the options flag is set must not match this entry.
Default: Any
SIP Filter:
Specifies the source IP filter for this rule.
Any: no source IP filter is specified.
Host: specifies the source IP address in the SIP Address field.
Network: specifies the source IP address and source IP mask in the SIP
Address and SIP Mask fields.
Default: Any
DIP Filter:
Specifies the destination IP filter for this rule.
Any: no destination IP filter is specified.
Host: specifies the destination IP address in the DIP Address field.
Network: specifies the destination IP address and destination IP mask in the
DIP Address and DIP Mask fields.
Default: Any
Response to take when a rule is matched
Action:
Permits or denies a frame based on whether it matches an ACL rule.
Default: Permit
Rate Limiter:
Specifies a rate limiter to apply to the port. Range 1 – 16.
Default: Disabled
Port Copy:
Defines a port to which matching frames are copied. Range: 1-10.
Default: Disabled
Mirror:
Mirrors matching frames from this port.
Default: Disabled
ACL-based port mirroring set by this parameter and port mirroring set on
the general Mirror Configuration page are implemented independently. To
use ACL-based mirroring, enable the Mirror parameter on the ACE
Configuration page. Then open the Mirror Configuration page, set the "Port
to mirror on" field to the required destination port, and leave the "Mode"
field Disabled.
Logging:
Enables logging of matching frames to the system log.
Default: Disabled
Open the System Log Information menu to view any entries stored in the
system log for this entry. Related entries will be displayed under the "Info"
or "All" logging levels.
Shutdown:
Shuts down a port when a matching frame is seen.
Default: Disabled
Counter:
Shows the number of frames which have matched any of the rules defined
for this ACL.
VLAN Parameters
802.1Q Tagged:
Specifies whether or not frames should be 802.1Q tagged. Options: Any,
Disabled, Enabled;
Default: Any
VLAN ID Filter:
Specifies the VLAN to filter for this rule. Options: Any, Specific (1-4095);
Default: Any
Tag Priority:
Specifies the User Priority value found in the VLAN tag (3 bits as defined by
IEEE 802.1p) to match for this rule. Options: Any, Specific (0-7);
Default: Any
Reset Button:
Used to reset unsaved changes to original configuration.
Apply:
Used to save the settings configured on this page.
Cancel:
Used to disregard any changes made.
1.2.2-4 ACL Status
This section displays the current ACL rules configured on the switch.
Web Interface
To view the ACL Rate rules via the Web Interface:
1. Click Configuration, ACL and ACL Status.
2. If you would like the page to auto-refresh the ACL Information, check the Auto-Refresh tick
box at the top of the page, or alternatively hit the refresh button to refresh the page
manually.
Fig. 31 Viewing the Access Control List Rules
Parameter Description
User:
Indicates the ACL user.
Ingress Port:
Indicates the ingress port of the ACE. Possible values are:
All: The ACE will match all ingress ports.
Port: The ACE will match a specific ingress port.
Frame Type:
Indicates the frame type of the ACE. Possible values are:
Any: The ACE will match any frame type.
EType: The ACE will match Ethernet Type frames. Note that an Ethernet
Type based ACE will not get matched by IP and ARP frames.
ARP: The ACE will match ARP/RARP frames.
IPv4: The ACE will match all IPv4 frames.
IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol.
IPv4/UDP: The ACE will match IPv4 frames with UDP protocol.
IPv4/TCP: The ACE will match IPv4 frames with TCP protocol.
IPv4/Other: The ACE will match IPv4 frames, which are not ICMP/UDP/TCP.
IPv6: The ACE will match all IPv6 standard frames.
Action:
Indicates the forwarding action of the ACE.
Permit: Frames matching the ACE may be forwarded and learned.
Deny: Frames matching the ACE are dropped.
Rate Limiter:
Indicates the rate limiter number of the ACE. The allowed range is 1 to 16.
When Disabled is displayed, the rate limiter operation is disabled.
Port Redirect:
Indicates the port redirect operation of the ACE. Frames matching the ACE
are redirected to the port number. The allowed values are Disabled or a
specific port number. When Disabled is displayed, the port redirect
operation is disabled.
Mirror:
Specify the mirror operation of this port. The allowed values are:
Enabled: Frames received on the port are mirrored.
Disabled: Frames received on the port are not mirrored.
The default value is "Disabled".
CPU:
Forwards packets that match the specific ACE to the CPU.
CPU Once:
Forwards the first packet that matches the specific ACE to the CPU.
Counter:
The counter indicates the number of times the ACE was hit by a frame.
Conflict:
Indicates the hardware status of the specific ACE. The specific ACE is not
applied to the hardware due to hardware limitations.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.3 Aggregation
The APS Series switches support two types of link aggregation, Static Trunk and LACP. Static Trunk is a
non-protocol based aggregation method where the connections are determined via source and
destination MAC Addresses. LACP is an IEEE standardized protocol used to aggregate ports. Because
it is an IEEE standard, LACP trunking or aggregation can be used across multi-vendor equipment.
Aggregating ports between two devices allows the bandwidth to be increased. For example, if
we aggregate 3 Gigabit Ports, the link between the two devices is increased to 3Gb.
1.2.3-1 Static Trunk
This section is used to configure the static trunk settings. Here you will determine the method used
to create the static trunk and also create your aggregation groups.
Ports using Static Trunk as their trunk method can choose their unique Static Group ID to form a
logical “trunked port”. The benefit of using the Static Trunk method is that a port can immediately
become a member of a trunk group without any handshaking with its peer port. This is also a
disadvantage because the peer ports of your static trunk group may not know that they should be
aggregated together to form a “logical trunked port”. Using Static Trunk on both ends of a link is
strongly recommended. Both devices must be configured to use the same speed and duplex settings.
Web Interface
To configure the Static Trunk settings via the Web Interface:
1. Click Configuration, Aggregation and Static Trunk.
2. Select the type of method used to initiate the trunk.
3. Create the trunk group using the radio buttons in the table. Each Group ID is an individual
trunk group, add the required ports into the desired trunk group.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 32 Configuring a static trunk group
Parameter Description
Source MAC Address:
The Source MAC address can be used to calculate the destination
port for the frame. Check to enable the use of the Source MAC address, or
uncheck to disable.
By default, Source MAC Address is enabled.
Destination MAC Address:
The Destination MAC Address can be used to calculate the destination port
for the frame. Check to enable the use of the Destination MAC Address, or
uncheck to disable.
By default, Destination MAC Address is disabled.
IP Address:
The IP address can be used to calculate the destination port for the frame.
Check to enable the use of the IP Address, or uncheck to disable.
By default, IP Address is enabled.
TCP/UDP Port Number:
The TCP/UDP port number can be used to calculate the destination port for
the frame. Check to enable the use of the TCP/UDP Port Number, or uncheck
to disable.
By default, TCP/UDP Port Number is enabled.
Group ID:
Indicates the group ID for the trunk group. Up to 13 trunk groups can be
created. Each port can only belong to one trunk group. The Group ID "normal"
is used when no trunk groups are to be used.
Port Members:
Each switch port is listed for each group ID. Select a radio button to include a
port in a trunk group, or select normal to remove the port from a trunk
group. By default, no ports belong to any trunk group. Only full duplex ports
can join a trunk group and ports must be the same speed in each group.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.3-2 LACP
Ports using Link Aggregation Control Protocol (according to IEEE 802.3ad specification) as their
trunking method can choose their unique LACP Group ID to form a logical “trunked port”. The
benefit of using LACP is that a port makes an agreement with its peer port before it becomes a ready
member of a “trunk group” (also called aggregator). LACP is safer than other trunking methods, such
as static trunking.
1.2.3-2-1 Configuration
This section is used to add ports to a LACP based trunk/aggregation group. Here you can also assign
a specific key for each trunking group you are creating or allow the switch to automatically assign a
key to the configured group.
Web Interface
To configure the LACP settings via the Web Interface:
1. Click Configuration, Aggregation, LACP and Configuration.
2. Tick the LACP Enabled check box next to the port(s) you want to enable.
3. Select to either assign a Key automatically or manually assign a key. If you are manually
assigning a key enter the key into the space provided.
4. Select the Role that you wish the port to play, either Active or Passive.
Fig. 33 Configuring a LACP trunk group
Parameter Description
Port:
Physical port of the switch.
LACP Enabled:
Used to enable or disable LACP on the desired port. To enable LACP on an
individual port check the tick box.
Key:
The Key is used to determine a specific trunk/aggregation group. The key
can be generated automatically by the switch or you can enter a key
manually. If entering manually valid values are 1 through to 65535. For
multiple ports to belong to the same group the key must be the same on
each port.
Role:
The role determines how the port(s) handle LACP traffic. If set to Active the
port will initiate the LACP group, by sending LACP packets to the connecting
device each second. When set to Passive the port will wait to receive LACP
packets from the connecting device.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.3-2-2 System Status
This section displays the current status of the LACP groups.
Web Interface
To view the LACP status via the Web Interface:
1. Click Configuration, Aggregation, LACP and System Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 34 LACP Status
Parameter Description
Aggr ID:
The Aggregation ID associated with this aggregation instance.
Partner System ID:
The system ID (MAC address) of the aggregation partner.
Partner Key:
The Key that the partner has assigned to this aggregation ID.
Last Changed:
The time since the aggregation changed.
Local Ports:
Display which ports belong to the Aggregation Group.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.3-2-3 Port Status
This section displays the current port status of the LACP groups.
Web Interface
To view the Port status via the Web Interface:
1. Click Configuration, Aggregation, LACP and Port Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 35 Port Status
Parameter Description
Port:
Physical port of the switch.
LACP:
If LACP is enabled on the port, Yes will be shown; if LACP is disabled, No
will be displayed.
Key:
The key assigned to this port. Only ports with the same key can be
aggregated together.
Aggr ID:
The Aggregation ID assigned to this group.
Partner System ID:
The partner's system ID (MAC address).
Partner Port:
The port number of the partner device.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.3-2-4 Port Statistics
This section displays the current port statistics relating to the LACP information.
Web Interface
To view the Port statistics via the Web Interface:
1. Click Configuration, Aggregation, LACP and Port Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 36 LACP Port Statistics
Parameter Description
Port:
Physical port of the switch.
LACP Received:
Shows how many LACP frames have been received on each port.
LACP Transmitted:
Shows how many LACP frames have been transmitted from each port.
Discarded:
Shows how many unknown or illegal frames have been discarded from each
port.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.4 Spanning Tree
The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide
backup links between switches, bridges or routers. This allows the switch to interact with other
bridging devices (that is, an STP-compliant switch, bridge or router) in your network to ensure that
only one route exists between any two stations on the network, and provide backup links which
automatically take over when a primary link goes down.
STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or router)
that serves as the root of the spanning tree network. It selects a root port on each bridging device
(except for the root device) which incurs the lowest path cost when forwarding a packet from that
device to the root device. Then it selects a designated bridging device from each LAN which incurs
the lowest path cost when forwarding a packet from that LAN to the root device. All ports connected
to designated bridging devices are assigned as designated ports. After determining the lowest cost
spanning tree, it enables all root ports and designated ports, and disables all other ports. Network
packets are therefore only forwarded between root ports and designated ports, eliminating any
possible network loops.
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge
Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a
predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
This bridge will then initiate negotiations with other bridges to reconfigure the network to
reestablish a valid network topology.
STP can run in one of three modes: STP, RSTP or MSTP. A device running RSTP is compatible with
other devices running STP; a device running MSTP is compatible with other devices running RSTP or
STP. By default, on a device in MSTP mode each port automatically detects the mode of the device
connected to it (MSTP, RSTP or STP), and responds in the appropriate mode by sending messages
(BPDUs) in the corresponding format. Ports on a device in RSTP mode can automatically detect and
respond to connected devices in RSTP and STP mode. Particular ports can also be forced to only
operate in a particular mode (spanning-tree force-version command).
STP
The Spanning Tree Protocol (STP) is the original protocol defined by IEEE standard 802.1D-1988. It
creates a single spanning tree over a network.
STP mode may be useful for supporting applications and protocols whose frames may arrive out of
sequence or duplicated, for example NetBeui.
RSTP
Rapid Spanning Tree Protocol (RSTP) also creates a single spanning tree over a network. Compared
with STP, RSTP provides for more rapid convergence to an active spanning tree topology. RSTP is
defined in IEEE standard 802.1D-2004.
MSTP
The Multiple Spanning Tree Protocol (MSTP) addresses the limitations in the previous spanning tree
protocols, STP and RSTP, within networks that use multiple VLANs with topologies that employ
alternative physical links. It supports multiple spanning tree instances on any given link within a
network, and supports large networks by grouping bridges into regions that appear as a single bridge
to other devices.
MSTP is defined in IEEE standard 802.1Q-2005. The protocol builds on, and remains compatible with,
the previous IEEE standards defining STP and RSTP.
1.2.4-1 Bridge Settings
This section is used to configure the spanning tree bridge settings, allowing full configuration of all
spanning tree parameters. Here you can select what Spanning Tree Protocol you would like the
switch to use, STP, RSTP or MSTP.
Web Interface
To configure the Bridge Settings for STP via the Web Interface:
1. Click Configuration, Spanning Tree and Bridge Settings.
2. Select the required STP protocol and configure the appropriate basic and advanced STP
parameters.
3. Click the Save button to save your changes or the Reset button to revert to previous settings.
Fig. 37 STP Bridge Settings
Parameter Description
Protocol Version:
Select the appropriate STP protocol: STP, RSTP or MSTP.
Default value is MSTP.
Bridge Priority:
Controls the bridge priority. The lower the numeric value the higher the
priority. The bridge priority plus the MSTI instance number, concatenated
with the 6-byte MAC address of the switch forms a Bridge Identifier. For
MSTP operation, this is the priority of the CIST. Otherwise, this is the priority
of the STP/RSTP Bridge.
Default is 32768.
Forward Delay:
The delay used by STP Bridges to transit Root and Designated Ports to
Forwarding state (used in STP compatible mode). Valid values are in the
range 4 to 30 seconds.
Default is 15 seconds.
Max Age:
The maximum age of the information transmitted by the Bridge, when it is
the Root Bridge. Valid values are in the range of 6 to 40 seconds, and
MaxAge must be <= (FwdDelay-1)*2.
Default is 20.
Maximum Hop Count:
This defines the initial value of remaining Hops for MSTI information
generated at the boundary of an MSTI region. It defines how many bridges a
root bridge can distribute its BPDU information to. Valid values are in the
range 6 to 40 hops.
Transmit Hold Count:
The number of BPDUs a bridge port can send per second. When exceeded,
transmission of the next BPDU will be delayed. Valid values are in the range
1 to 10 BPDUs per second.
Edge Port BPDU Filtering:
Controls whether a port explicitly configured as Edge will transmit and
receive BPDUs.
Edge Port BPDU Guard:
Controls whether a port explicitly configured as Edge will disable itself upon
reception of a BPDU. The port will enter the error-disabled state, and will be
removed from the active topology.
Port Error Recovery:
Controls whether a port in the error-disabled state will automatically be
enabled after a certain time. If recovery is not enabled, ports have to be
disabled and re-enabled for normal STP operation. The condition is also
cleared by a system reboot.
Port Error Recovery Timeout:
The time to pass before a port in the error-disabled state can be enabled.
Valid values are between 30 and 86400 seconds (24 hours).
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.4-2 MSTI Mapping
This section is used to map VLANs to MSTIs when using the MSTP protocol. MSTP enables the
grouping and mapping of VLANs to different spanning tree instances. An MST Instance (MSTI) is a
particular set of VLANs that are all using the same spanning tree.
In a network where all VLANs span all links of the network, judicious choice of bridge priorities for
different MSTIs can result in different switches becoming root bridges for different MSTIs. That will
result in the different MSTIs choosing different active topologies on the network.
Multiple VLANs can be mapped to a single MSTI. When entering multiple VLAN IDs, they need to be
separated using a comma. An unused MSTI should be left blank; do not enter VLAN IDs into unused
MSTIs.
Web Interface
To configure the MSTI Mappings for MSTP via the Web Interface:
1. Click Configuration, Spanning Tree and MSTI Mapping.
2. Give the configuration a name.
3. Enter the required VLANs into the configured MSTI(s).
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 38 MSTI Mappings
Parameter Description
Configuration Name:
The name identifying the VLAN to MSTI mapping. Bridges must share the
name and revision, as well as the VLAN-to-MSTI mapping configuration in
order to share spanning trees for MSTIs (intra-region). The name must be
no more than 32 characters.
Configuration Revision:
The revision of the MSTI configuration. This must be an integer between 0
and 65535.
MSTI:
The bridge instance. The CIST is not available for explicit mapping of VLANs,
as it will receive the VLANs that have not been manually mapped to an
MSTI.
VLAN’s Mapped:
The list of VLANs mapped to the MSTI. The VLANs must be separated with
comma and/or space. A VLAN can only be mapped to one MSTI. An unused
MSTI should just be left empty.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
Fig. 39 Example MSTI Configuration
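The region rules in the table above (name of at most 32 characters, revision 0 to 65535, one MSTI per VLAN, identical name, revision and mapping on every bridge) can be checked offline before a change is applied. The Python below is an added example, not code from the switch or from the manual: the class and function names are hypothetical, VLAN ranges such as 10-20 are not handled, and the digest follows the MST Configuration Digest of IEEE 802.1Q (HMAC-MD5 over a 4096-entry VLAN table), which the manual itself does not describe.

```python
import hmac
import re

# Fixed signature key that IEEE 802.1Q defines for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlan_list(text):
    """Parse a 'VLANs Mapped' field: VLAN IDs separated by comma and/or space."""
    vlans = []
    for token in re.split(r"[,\s]+", text.strip()):
        if not token:
            continue  # an unused MSTI is simply left empty
        if not token.isdigit():
            raise ValueError("not a VLAN ID: %r" % token)
        vid = int(token)
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID out of range: %d" % vid)
        vlans.append(vid)
    return vlans


class MstRegionConfig:
    """Name, revision and VLAN-to-MSTI mapping of one bridge."""

    def __init__(self, name, revision, mapping):
        # mapping: {MSTI number: text typed into that MSTI's 'VLANs Mapped' field}
        if len(name) > 32:
            raise ValueError("configuration name longer than 32 characters")
        if not 0 <= revision <= 65535:
            raise ValueError("configuration revision must be 0..65535")
        self.name = name
        self.revision = revision
        self.vlan_to_msti = {}
        for msti, text in mapping.items():
            if not 1 <= msti <= 4094:
                raise ValueError("MSTI number out of range: %d" % msti)
            for vid in parse_vlan_list(text):
                owner = self.vlan_to_msti.get(vid)
                if owner is not None and owner != msti:
                    raise ValueError(
                        "VLAN %d mapped to MSTI %d and MSTI %d" % (vid, owner, msti))
                self.vlan_to_msti[vid] = msti

    def digest(self):
        """HMAC-MD5 over 4096 two-byte entries; unmapped VLANs stay 0 (the CIST)."""
        table = bytearray(4096 * 2)
        for vid, msti in self.vlan_to_msti.items():
            table[2 * vid:2 * vid + 2] = msti.to_bytes(2, "big")
        return hmac.new(DIGEST_KEY, bytes(table), "md5").hexdigest()

    def same_region(self, other):
        """Bridges share MSTI spanning trees only if all three values match."""
        return (self.name, self.revision, self.digest()) == (
            other.name, other.revision, other.digest())


if __name__ == "__main__":
    # Constructed sample configurations for two switches.
    sw1 = MstRegionConfig("region1", 1, {1: "10, 20 30", 2: "40", 3: ""})
    sw2 = MstRegionConfig("region1", 1, {1: "10,20", 2: "30,40"})
    print("sw1 digest:", sw1.digest())
    print("sw2 digest:", sw2.digest())
    print("same region:", sw1.same_region(sw2))
```

Two bridges whose digests differ treat each other as being in different regions, so a single VLAN typed into the wrong MSTI on one switch is enough to split the region.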
1.2.4-3 MSTI Priorities
This section is used to manually change the priority of the STP bridge instances. The CIST (Common
and Internal Spanning Tree) is the default Bridge Instance when using MSTP and is always active. Any
VLAN that has not been assigned to an MSTI is assigned to the CIST. The lower the priority value, the
higher the priority the bridge has.
Web Interface
To configure the MSTI Priorities for MSTP via the Web Interface:
1. Click Configuration, Spanning Tree and MSTI Priorities.
2. Select the Bridge Priority for each of the Bridge Instances.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 40 MSTI Priority Configuration
Parameter Description
MSTI:
The bridge instance. The CIST is the default instance, which is always active.
Priority:
Select the Bridge priority from the drop down box next to each MSTI.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.4-4 CIST Ports
This section is used to configure individual STP Parameters for each port. Here you can enable and
disable STP on individual ports, configure the ports as AdminEdge ports, give certain ports higher
priority than others and much more.
Web Interface
To configure the CIST Port Parameters via the Web Interface:
1. Click Configuration, Spanning Tree and CIST Ports.
2. Select and configure the appropriate settings.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 41 CIST Port Configuration
Parameter Description
Port:
Physical port of the switch.
STP Enabled:
Select to enable or disable STP on each port.
Path Cost:
Controls the path cost incurred by the port. The Auto setting will set the
path cost as appropriate by the physical link speed, using the 802.1D
recommended values. Using a Specific setting, a user-defined value can be
entered. The path cost is used when establishing the active topology of the
network. Lower path cost ports are chosen as forwarding ports in favour of
higher path cost ports. Valid values are in the range 1 to 200000000.
Priority:
Controls the port priority. This can be used to control priority of ports having
identical port cost.
Admin Edge:
The Admin Edge function allows ports to be configured as Edge or Non-Edge
ports. When set to an Edge Port the transition to the forwarding state is
faster than Non-Edge ports. A port should be set as an Edge port if there are
no other Bridges attached to this port, e.g. no STP-enabled devices
connected.
Auto Edge:
Controls whether the bridge should enable automatic edge detection on the
bridge port.
Restricted Role:
If enabled, the port cannot be selected as a Root Port for the CIST or any
MSTI, even if it has the best spanning tree priority vector. Such a port will be
selected as an Alternate Port after the Root Port has been selected. If set, it
can cause lack of spanning tree connectivity. It can be set by a network
administrator to prevent bridges external to a core region of the network
influencing the spanning tree active topology, possibly because those
bridges are not under the full control of the administrator. This feature is
also known as Root Guard.
Restricted TCN:
If enabled, the port will not propagate received topology change
notifications and topology changes to other ports. If set it can cause
temporary loss of connectivity after changes in a spanning tree's active
topology as a result of persistently incorrect learned station location
information. It is set by a network administrator to prevent bridges external
to a core region of the network, causing address flushing in that region,
possibly because those bridges are not under the full control of the
administrator or the physical link state of the attached LANs transits
frequently.
BPDU Guard:
If enabled, causes the port to disable itself upon receiving valid BPDUs.
Contrary to the similar bridge setting, the port Edge status does not affect
this setting. A port entering error-disabled state due to this setting is subject
to the bridge Port Error Recovery setting as well.
Point-to-Point:
Controls whether the port connects to a point-to-point LAN rather than to a
shared medium. This can be automatically determined, or forced either true
or false. Transition to the forwarding state is faster for point-to-point LANs
than for shared media.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
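An added example, not taken from the manual or the switch firmware: a simplified Python model of how the Bridge Identifier from section 1.2.4-1 orders bridges, and of how the BPDU Guard and Restricted Role settings above change what a port does when a BPDU arrives. It compares root identifiers only (a real bridge compares full priority vectors including path cost), the class and function names are hypothetical, and the MAC addresses are constructed sample values.

```python
from dataclasses import dataclass


def bridge_id(priority, instance, mac):
    """Return the 8-byte Bridge Identifier: priority plus instance number, then MAC."""
    # IEEE 802.1D-2004 keeps the priority in the top 4 bits, so it moves in steps of 4096.
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= instance <= 4095:
        raise ValueError("instance number must fit in 12 bits")
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return (priority | instance).to_bytes(2, "big") + mac_bytes


def elect_root(bridge_ids):
    """The bridge with the numerically lowest identifier becomes the root."""
    return min(bridge_ids)


@dataclass
class PortConfig:
    name: str
    bpdu_guard: bool = False       # "BPDU Guard" on the CIST Ports page
    restricted_role: bool = False  # "Restricted Role" (Root Guard)


@dataclass
class Decision:
    role: str             # role names as listed on the Port Status page
    error_disabled: bool  # True when the port has shut itself down
    root: bytes           # root identifier the bridge accepts afterwards


def receive_bpdu(port, current_root, advertised_root):
    """Decide what a port does with a BPDU that advertises advertised_root."""
    if port.bpdu_guard:
        # Any valid BPDU disables the port, whatever root it advertises.
        return Decision("Disabled", True, current_root)
    if advertised_root < current_root:  # lower identifier = superior information
        if port.restricted_role:
            # The port may not become Root Port, so the current root is kept.
            return Decision("AlternatePort", False, current_root)
        return Decision("RootPort", False, advertised_root)
    return Decision("DesignatedPort", False, current_root)


def demo():
    core = bridge_id(4096, 0, "00:11:22:33:44:55")     # constructed: intended root
    access = bridge_id(32768, 0, "00:aa:bb:cc:dd:ee")  # constructed: default priority
    outside = bridge_id(0, 0, "02:00:00:00:00:01")     # constructed: bridge outside admin control
    root = elect_root([core, access])
    ports = (PortConfig("uplink"),
             PortConfig("edge", bpdu_guard=True),
             PortConfig("customer", restricted_role=True))
    return root, {p.name: receive_bpdu(p, root, outside) for p in ports}


if __name__ == "__main__":
    root, results = demo()
    print("elected root:", root.hex())
    for name, decision in results.items():
        print(name, decision.role, decision.error_disabled, decision.root.hex())
```

Only the unprotected port accepts the new root; the port with Restricted Role keeps the existing root and the port with BPDU Guard ends up error-disabled, where the Port Error Recovery setting decides whether it comes back on its own.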
1.2.4-5 MSTI Ports
This section is used to configure MSTI Port parameters. An MSTI Port is a virtual port and each MSTI
has its own virtual port. The MSTI must be configured before the individual port configuration
options can be applied. This section is much the same as the CIST Port settings but configuration
done here is for each MSTI rather than the CIST.
Web Interface
To configure the MSTI Port Parameters via the Web Interface:
1. Click Configuration, Spanning Tree and MSTI Ports.
2. Select the MSTI you would like to configure and press the GET button.
3. Now you can configure the appropriate port settings for the MSTI.
4. Repeat for all MSTIs.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 42 MSTI selection
Fig. 43 MSTI Port Configuration
Parameter Description
Port:
Physical port of the switch.
Path Cost:
Controls the path cost incurred by the port. The Auto setting will set the
path cost as appropriate by the physical link speed, using the 802.1D
recommended values. Using a Specific setting, a user-defined value can be
entered. The path cost is used when establishing the active topology of the
network. Lower path cost ports are chosen as forwarding ports in favour of
higher path cost ports. Valid values are in the range 1 to 200000000.
Priority:
Controls the port priority. This can be used to control priority of ports having
identical port cost.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.4-6 Bridge Status
This section is used to display the status information for each of the configured STP Bridges.
Web Interface
To view the Bridge Status via the Web Interface:
1. Click Configuration, Spanning Tree and Bridge Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 44 Bridge Status Information
Parameter Description
MSTI:
The Bridge Instance. This is also a link to the STP Detailed Bridge Status.
Bridge ID:
The Bridge ID of this Bridge instance.
Root ID:
The Bridge ID of the currently elected root bridge.
Root Port:
The switch port currently assigned the root port role.
Root Cost:
Root Path Cost. For the Root Bridge it will be zero. For all other Bridges, it is
the sum of the Port Path Costs on the least cost path to the Root Bridge.
Topology Flag:
The current state of the Topology Change Flag of this Bridge instance.
Topology Change Last:
The time since the last Topology Change occurred.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.4-7 Port Status
This section is used to display the status information for each of the configured STP CIST Ports.
Web Interface
To view the STP CIST Port Status via the Web Interface:
1. Click Configuration, Spanning Tree and Port Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 45 Port Status Information
Parameter Description
Port:
Physical port of the switch.
CIST Role:
The current STP port role of the CIST port. The port role can be one of the
following values: Non-STP, AlternatePort, Backup Port, RootPort,
DesignatedPort, Disabled.
CIST State:
The current STP port state of the CIST port. The port state can be one of the
following values: Blocking, Learning and Forwarding.
Uptime:
The time since the bridge port was last initialized.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.4-8 Port Statistics
This section is used to display the port statistics for each of the configured STP CIST Ports.
Web Interface
To view the Port Statistics via the Web Interface:
1. Click Configuration, Spanning Tree and Port Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 46 Port Statistics
Parameter Description
Port:
Physical port of the switch.
MSTP:
The number of MSTP Configuration BPDUs received/transmitted on the
port.
RSTP:
The number of RSTP Configuration BPDUs received/transmitted on the port.
STP:
The number of legacy STP Configuration BPDUs received/transmitted on the
port.
TCN:
The number of (legacy) Topology Change Notification BPDUs
received/transmitted on the port.
Discarded Unknown:
The number of unknown Spanning Tree BPDUs received (and discarded) on
the port.
Discarded Illegal:
The number of illegal Spanning Tree BPDUs received (and discarded) on the
port.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.5 IGMP Snooping
IGMP Snooping is a way for Layer 2 switches to reduce the amount of multicast traffic on a LAN.
Without IGMP Snooping, Layer 2 switches handle IP multicast traffic in the same manner as
broadcast traffic and forward multicast frames received on one port to all other ports in the same
VLAN. IGMP Snooping allows switches to monitor network traffic, and determine hosts to receive
multicast traffic, by looking into IGMP packets to learn which attached hosts need to receive which
multicast groups. This allows the switch to forward multicast traffic only out the appropriate ports. If
it sees multiple reports sent for one group, it will forward only one of them.
Joining a multicast group (Membership report)
When a host wants to receive a stream, referred to as “joining a group”, it sends out an IGMP packet
containing the address of the group it wants to join. This packet is called an IGMP Membership
report, often referred to as a “join packet”. This packet is forwarded through the LAN to the local
IGMP querier, which is typically a router. Once the querier has received an IGMP join message, it
knows to forward the multicast stream to the host. If it is not already receiving the stream, it must
tell the devices between itself and the multicast source, which may be some hops away from the
querier, that it wishes to receive the stream. This might involve a process of using Layer 3 multicast
protocols to signal across a WAN, or it might be as simple as receiving a stream from a locally
connected multicast server.
Staying in the multicast group (Query message)
The Query message is used by a querier to determine whether hosts are still interested in an IGMP
group. At certain time intervals (the default is 125 seconds), the querier sends an IGMP query
message onto the local LAN. The destination address of the query message is a special “all multicast
groups” address. The purpose of this query is to ask “Are there any hosts on the LAN that wish to
remain members of multicast groups?” After receiving an IGMP query, any host that wants to
remain in a multicast group must send a new join packet for that group. If a host is a member of
more than one group, then it sends a join message for each group it wants to remain a member of.
The querier looks at the responses it receives to its query, and compares these to the list of multicast
streams that it is currently registered to forward. If there are any items in that list for which it has
not received query responses, it will stop forwarding those streams. Additionally, if it is receiving
those streams through a Layer 3 network, it will send a Layer 3 routing protocol message upstream,
asking to no longer receive that stream.
Leaving the multicast group (Leave message)
How a host leaves a group depends on the IGMP version that it is using. Under IGMP version 1, when
a host has finished with a data stream, the local querier continues to send the stream to the host
until it sends out the next query message and receives no reply back from the host. IGMP version 2
introduced the Leave message. This allows a host to explicitly inform its querier that it wants to
leave a particular multicast group. When the querier receives the Leave message, it sends out a
group specific query asking whether any hosts still want to remain members of that specific group. If
no hosts respond with join messages for that group, then the querier knows that there are no hosts
on its LAN that are still members of that group. This means that for that specific group, it can ask to
be pruned from the multicast tree. IGMP version 3 removed the Leave message. Instead a host
leaves a group by sending a join message with no source specified.
The APS Series supports IGMP Snooping V1, V2 and V3 and supports up to 1024 multicast groups.
Both IGMP Querier and IGMP Proxy are also supported.
1.2.5-1 Basic Configuration
This section is used to enable and configure IGMP Snooping on the APS Series switches.
Web Interface
To configure the IGMP Snooping parameters via the Web Interface:
1. Click Configuration, IGMP Snooping and Basic Configuration.
2. Select to enable or disable IGMP Snooping on the switch.
3. Configure ports to be Router Ports, Fast Leave Ports and select whether you would like to
enable throttling.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 47 IGMP Snooping Configuration
Parameter Description
Snooping Enabled:
Enable IGMP Snooping on the switch.
Unregister IPMCv4 Flooding Enabled:
Enable flooding of unregistered IPMCv4 traffic.
IGMP SSM Range:
SSM (Source-Specific Multicast) range allows SSM-aware hosts and routers
that run the SSM service model to use groups in the configured address
range. Format: <IP Address>/<subnet Mask>
Proxy Enabled:
Enable IGMP Proxy. This feature can be used to avoid forwarding
unnecessary join and leave messages to the IGMP router.
Port:
Physical port of the switch.
Router Port:
Specify which ports are connected to a Layer 3 multicast device or IGMP
Querier. If an aggregation member port is selected as a router port, the
whole aggregation group will act as a router port.
Fast Leave:
Enable Fast Leave on the port. Fast Leave allows the switch to remove an
interface from the IGMP table if there are no members listening on that
multicast group. Normally the group would not be removed until the
expiration timer has exceeded.
Throttling:
Throttling is used to limit the number of multicast groups a switch port can
belong to. Valid values are unlimited or 1 through to 10.
Default is unlimited.
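How the Router Port, Fast Leave, Throttling and unregistered-flooding settings above combine is easiest to see on a small model of the snooping table. The Python below is an added example, not the switch's implementation: the class and method names are hypothetical, group addresses and port numbers are constructed, and the 2 second removal delay assumes the default Last Member Query Interval of 1 second multiplied by a Last Member Query Count equal to the default Robustness Variable of 2.

```python
class SnoopingSwitch:
    """Toy model of the IGMP snooping table set up on the Basic Configuration page."""

    def __init__(self, ports, router_ports=(), fast_leave=(), throttle=None,
                 flood_unregistered=True, last_member_query_time=2.0):
        self.ports = set(ports)
        self.router_ports = set(router_ports)
        self.fast_leave = set(fast_leave)
        self.throttle = dict(throttle or {})  # port -> max groups (1..10); absent = unlimited
        self.flood_unregistered = flood_unregistered
        self.lmqt = last_member_query_time    # assumed: LLQI 1 s x query count 2
        self.members = {}                     # group -> {port: removal deadline or None}

    def report(self, port, group):
        """Membership report (join). Returns False when throttling rejects it."""
        if port not in self.members.get(group, {}):
            limit = self.throttle.get(port)
            joined = sum(1 for m in self.members.values() if port in m)
            if limit is not None and joined >= limit:
                return False
        # A fresh report also cancels a removal that a Leave had scheduled.
        self.members.setdefault(group, {})[port] = None
        return True

    def leave(self, port, group, now):
        """Leave message: immediate on Fast Leave ports, otherwise after the timer."""
        ports = self.members.get(group, {})
        if port not in ports:
            return
        if port in self.fast_leave:
            self._remove(port, group)
        else:
            ports[port] = now + self.lmqt

    def tick(self, now):
        """Expire ports whose removal deadline has passed without a new report."""
        for group, ports in list(self.members.items()):
            for port, deadline in list(ports.items()):
                if deadline is not None and deadline <= now:
                    self._remove(port, group)

    def egress(self, group, ingress):
        """Ports a multicast frame for `group` is sent out of."""
        if group in self.members:
            out = set(self.members[group]) | self.router_ports
        elif self.flood_unregistered:
            out = set(self.ports)         # treated like broadcast
        else:
            out = set(self.router_ports)  # only towards the querier
        out.discard(ingress)
        return sorted(out)

    def _remove(self, port, group):
        ports = self.members.get(group)
        if ports is None:
            return
        ports.pop(port, None)
        if not ports:
            del self.members[group]       # group becomes unregistered again


if __name__ == "__main__":
    sw = SnoopingSwitch(ports=range(1, 9), router_ports={8}, fast_leave={2},
                        throttle={3: 1}, flood_unregistered=False)
    sw.report(1, "239.1.1.1")
    sw.report(2, "239.1.1.1")
    print("members joined:", sw.egress("239.1.1.1", ingress=5))
    sw.leave(2, "239.1.1.1", now=0.0)
    print("after fast leave on port 2:", sw.egress("239.1.1.1", ingress=5))
    print("second group on throttled port 3 accepted:", sw.report(3, "239.2.2.2"))
```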
1.2.5-2 VLAN Configuration
This section is used to configure specific IGMP Settings for each of the configured VLAN groups.
IGMP Snooping can be enabled or disabled for every individual VLAN group. 20 VLAN groups will be
displayed on the screen by default; this can be increased to a maximum of 99. The VLAN with the
lowest VID will be displayed at the top of the table. To browse to additional pages use the arrow
keys at the top of the page.
Web Interface
To configure the IGMP VLAN Configuration parameters via the Web Interface:
1. Click Configuration, IGMP Snooping and VLAN Configuration.
2. Select the appropriate IGMP parameters for the specific VLAN group.
3. Repeat for all VLAN groups configured on the switch. Use the arrow keys to move between
pages. The Refresh button can be used to refresh the page for the latest information.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 48 IGMP VLAN Configuration
Parameter Description
VLAN ID:
The VLAN ID of each VLAN group.
Snooping Enabled:
Enable IGMP Snooping for each individual VLAN group. A maximum of 32
VLANs can be enabled at any one time.
IGMP Querier:
A router is used to send IGMP query messages to IGMP enabled hosts. The
IGMP router can also be called the IGMP Querier. This option is used to
enable the IGMP Querier function on an individual VLAN.
Compatibility:
Compatibility is maintained by hosts and routers taking appropriate actions
depending on the versions of IGMP operating on hosts and routers within a
network. The allowed selection is IGMP-Auto, Forced IGMPv1, Forced
IGMPv2, and Forced IGMPv3.
Default compatibility value is IGMP-Auto.
RV:
Robustness Variable. The Robustness Variable allows tuning for the
expected packet loss on a network. The allowed range is 1 to 255;
Default robustness variable value is 2.
QI:
Query Interval. The Query Interval is the interval between General Queries
sent by the Querier. The allowed range is 1 to 31744 seconds;
Default query interval is 125 seconds.
QRI:
Query Response Interval. The Max Response Time is used to calculate the Max
Resp Code inserted into the periodic General Queries. The allowed range is 0
to 31744 in tenths of seconds;
Default query response interval is 100 in tenths of seconds (10 seconds).
LLQI (LMQI for IGMP):
Last Member Query Interval. The Last Member Query Time is the time value
represented by the Last Member Query Interval, multiplied by the Last
Member Query Count. The allowed range is 0 to 31744 in tenths of seconds;
Default last member query interval is 10 in tenths of seconds (1 second).
URI:
Unsolicited Report Interval. The Unsolicited Report Interval is the time
between repetitions of a host's initial report of membership in a group. The
allowed range is 0 to 31744 seconds.
Default unsolicited report interval is 1 second.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.5-3 Port Group Filtering
With this feature, you can filter multicast joins on a per-port basis by configuring IP multicast profiles
and associating them with individual switch ports. An IGMP profile can contain one or more
multicast groups and, when applied to a port, denies access on that port to the configured multicast
address. If an IGMP profile denying access to a multicast group is applied to a switch port, the IGMP
join report requesting the stream of IP multicast traffic is dropped, and the port is not allowed to
receive IP multicast traffic from that group.
IGMP filtering controls only IGMP membership join reports and has no relationship to the function
that directs the forwarding of IP multicast traffic.
Web Interface
To configure the IGMP Port Group Filtering entries via the Web Interface:
1. Click Configuration, IGMP Snooping and Port Group Filtering.
2. Click Add New Filtering Group.
3. Specify the Multicast IP Address and click Apply to save the settings.
4. If you wish to delete an entry check the delete tick box and click Apply.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 49 Multicast Address Filtering
Parameter Description
Delete:
Check to delete the entry, and click Apply to save the changes and remove the
selected entry.
Port:
Select the port on which you would like to enable filtering for the configured Multicast
address.
Filtering Groups:
Enter the IP Address of the Multicast group to be filtered.
Valid values are 224.x.y.z to 239.x.y.z.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
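The filtering decision described in this section, as an added example that is not part of the Alloy manual or the switch firmware: it parses IGMP membership reports and checks each requested group against a per-port deny list. The class and function names and all sample addresses are constructed for illustration; how the APS treats an IGMPv3 report that mixes filtered and unfiltered groups is not stated in the manual, so the example only reports a verdict per group.

```python
import ipaddress
import struct

V1_REPORT, V2_REPORT, V2_LEAVE, V3_REPORT = 0x12, 0x16, 0x17, 0x22
MCAST_RANGE = ipaddress.ip_network("224.0.0.0/4")   # 224.x.y.z to 239.x.y.z


def inet_checksum(data):
    """16-bit one's-complement checksum used by IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _finish(body):
    """Fill in the checksum field (bytes 2-3) of a message built with it zeroed."""
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


# The two builders below only produce constructed sample messages for testing.
def build_v2(msg_type, group):
    return _finish(struct.pack("!BBH4s", msg_type, 0, 0,
                               ipaddress.IPv4Address(group).packed))


def build_v3_report(records):
    """records: list of (record_type, group, [source, ...])."""
    body = struct.pack("!BBHHH", V3_REPORT, 0, 0, 0, len(records))
    for rtype, group, sources in records:
        body += struct.pack("!BBH4s", rtype, 0, len(sources),
                            ipaddress.IPv4Address(group).packed)
        body += b"".join(ipaddress.IPv4Address(s).packed for s in sources)
    return _finish(body)


def joined_groups(igmp):
    """Groups a membership report asks to join; empty for queries and leaves."""
    if len(igmp) < 8:
        raise ValueError("truncated IGMP message")
    if inet_checksum(igmp) != 0:
        raise ValueError("bad IGMP checksum")
    if igmp[0] in (V1_REPORT, V2_REPORT):
        return [ipaddress.IPv4Address(igmp[4:8])]
    if igmp[0] != V3_REPORT:
        return []
    (count,) = struct.unpack_from("!H", igmp, 6)
    groups, off = [], 8
    for _ in range(count):
        if off + 8 > len(igmp):
            raise ValueError("truncated group record")
        rtype, aux_words, nsrc = struct.unpack_from("!BBH", igmp, off)
        group = ipaddress.IPv4Address(igmp[off + 4:off + 8])
        off += 8 + 4 * nsrc + 4 * aux_words
        if off > len(igmp):
            raise ValueError("group record overruns message")
        # INCLUDE with no sources (record types 1 and 3) is a leave, and
        # type 6 only blocks sources. Any other record is interest in the group.
        if rtype != 6 and not (rtype in (1, 3) and nsrc == 0):
            groups.append(group)
    return groups


class PortGroupFilter:
    """Per-port list of multicast groups whose join reports are refused."""

    def __init__(self):
        self._deny = {}          # port number -> set of IPv4Address

    def add(self, port, group):
        addr = ipaddress.IPv4Address(group)
        if addr not in MCAST_RANGE:
            raise ValueError(f"{group} is outside 224.x.y.z to 239.x.y.z")
        self._deny.setdefault(port, set()).add(addr)

    def check(self, port, igmp):
        """Sort the groups requested in one IGMP message into allowed/denied."""
        denied = self._deny.get(port, set())
        result = {"allowed": [], "denied": []}
        for group in joined_groups(igmp):
            result["denied" if group in denied else "allowed"].append(str(group))
        return result


if __name__ == "__main__":
    flt = PortGroupFilter()
    flt.add(3, "239.1.1.1")                      # constructed filter entry
    print(flt.check(3, build_v2(V2_REPORT, "239.1.1.1")))
    print(flt.check(4, build_v2(V2_REPORT, "239.1.1.1")))
```

Leave messages and queries produce empty lists on both sides, which matches the statement above that filtering acts only on membership join reports.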
1.2.5-4 Status
This section is used to view the status of all configured IGMP parameters on the APS Series switches.
Web Interface
To view the IGMP Status via the Web Interface:
1. Click Configuration, IGMP Snooping and Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 50 IGMP Status
Parameter Description
VLAN ID:
The VLAN ID of the entry.
Querier Version:
The current version of the IGMP Querier.
Host Version:
The current version of the host.
Querier Status:
Shows the Querier status of either “Active” or “Idle”.
Queries Transmitted:
The number of transmitted queries.
Queries Received:
The number of received queries.
V1 Reports Received:
The number of Received V1 Reports.
V2 Reports Received:
The number of Received V2 Reports.
V3 Reports Received:
The number of Received V3 Reports.
V2 Leaves Received:
The number of Received V2 Leaves.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.5-5 Groups Information
This section displays the learnt IGMP groups. The IGMP Group Table is sorted first by VLAN ID, and
then by group. They will use the last entry of the currently displayed table as a basis for the next
lookup. When the end is reached the text "No more entries" is shown in the displayed table. Use the
button to start over.
Web Interface
To view the IGMP Group Information via the Web Interface:
1. Click Configuration, IGMP Snooping and Groups Information.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 51 IGMP group information
Parameter Description
VLAN ID:
The VLAN ID of the entry.
Groups:
IGMP group address.
Port Members:
Physical Ports on the switch that belong to the IGMP Multicast Group.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.5-6 IPv4 SSM Information
Source Specific Multicast (SSM) is a datagram delivery model that best supports one-to-many
applications, also known as broadcast applications. SSM is a core network technology of IP multicast
targeted for audio and video broadcast application environments.
For the SSM delivery mode, an IP multicast receiver host must use IGMP Version 3 (IGMPv3) to
subscribe to channel (S, G). By subscribing to this channel, the receiver host is indicating that it
wants to receive IP multicast traffic sent by source host S to group G. The network will deliver IP
multicast packets from source host S to group G to all hosts in the network that have subscribed to
the channel (S, G).
SSM does not require group address allocation within the network, only within each source host.
Different applications running on the same source host must use different SSM groups. Different
applications running on different source hosts can arbitrarily reuse SSM group addresses without
causing any excess traffic on the network.
Addresses in the range 232.0.0.0/8 (232.0.0.0 to 232.255.255.255) are reserved for SSM by IANA.
The APS also allows you to configure SSM for arbitrary IP multicast addresses.
Web Interface
To view the IPv4 SSM Information via the Web Interface:
1. Click Configuration, IGMP Snooping and IPv4 SSM Information.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 52 IPv4 SSM information
Parameter Description
VLAN ID:
The VLAN ID of the entry.
Group:
Multicast Group Address.
Port:
Physical port number of the switch.
Mode:
Indicates the filtering mode maintained per (VLAN ID, port number, Group
Address) basis. It can be either Include or Exclude.
Source Address:
Source IP Address of the group, current limit on the system for filtering is
128 IP addresses.
Type:
Indicates the type, either Allow or Deny.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.6 MLD Snooping
Multicast Listener Discovery (MLD) snooping constrains the flooding of IPv6 multicast traffic on
VLANs on a switch. When MLD snooping is enabled on a VLAN, the APS Series Switches examine
MLD messages between hosts and multicast routers and learn which hosts are interested in
receiving traffic for a multicast group. Based on what it learns, the switch then forwards multicast
traffic only to those interfaces in the VLAN that are connected to interested receivers instead of
flooding the traffic to all interfaces.
By default, a switch floods Layer 2 multicast traffic on all interfaces on a switch, except for the
interface that is the source of the multicast traffic. This behaviour can consume significant amounts
of bandwidth.
You can enable MLD snooping to avoid this flooding. When you enable MLD snooping, the switch
monitors MLD messages between receivers and multicast routers and uses the content of the
messages to build an IPv6 multicast forwarding table—a database of IPv6 multicast groups and the
interfaces that are connected to members of the groups. When the switch receives multicast traffic
for a multicast group, it uses the forwarding table to forward the traffic only to interfaces that are
connected to receivers that belong to the multicast group.
The APS Series switches support MLD v1 and v2.
1.2.6-1 Basic Configuration
This section is used to enable and configure MLD Snooping on the APS Series switches.
Web Interface
To configure the MLD Snooping parameters via the Web Interface:
1. Click Configuration, MLD Snooping and Basic Configuration.
2. Select to enable or disable MLD Snooping on the switch.
3. Configure ports to be Router Ports, Fast Leave Ports and select whether you would like to
enable throttling.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 53 MLD Snooping Configuration
Parameter Description
Snooping Enabled:
Enable MLD Snooping on the switch.
Unregister IPMCv6 Flooding Enabled:
Enable unregistered IPMCv6 flooding.
MLD SSM Range:
SSM (Source-Specific Multicast) range allows SSM-aware hosts and routers
that run the SSM service model to use groups in the configured address
range. Format: <IP Address v6>/<subnet Mask>
Proxy Enabled:
Enable MLD Proxy. This feature can be used to avoid forwarding
unnecessary join and leave messages to the MLD router.
Port:
Physical port of the switch.
Router Port:
Specify which ports are connected to a Layer 3 multicast device or MLD
Querier. If an aggregation member port is selected as a router port, the
whole aggregation group will act as a router port.
Fast Leave:
Enable Fast Leave on the port. Fast Leave allows the switch to remove an
interface from the MLD table if there are no members listening on that
multicast group. Normally the group would not be removed until the
expiration timer has expired.
Throttling:
Throttling is used to limit the number of IPv6 multicast groups a switch port
can belong to. Valid values are unlimited or 1 through to 10.
Default is unlimited.
1.2.6-2 VLAN Configuration
This section is used to configure specific MLD Settings for each of the configured VLAN groups. MLD
Snooping can be enabled or disabled for every individual VLAN group. 20 VLAN groups will be
displayed on the screen by default; this can be increased to a maximum of 99. The VLAN with the
lowest VID will be displayed at the top of the table. To browse to additional pages use the arrow
keys at the top of the page.
Web Interface
To configure the MLD VLAN Configuration parameters via the Web Interface:
1. Click Configuration, MLD Snooping and VLAN Configuration.
2. Select the appropriate MLD parameters for the specific VLAN group.
3. Repeat for all VLAN groups configured on the switch. Use the arrow keys to move between
pages. The Refresh button can be used to refresh the page for the latest information.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 54 MLD VLAN Configuration
Parameter Description
VLAN ID:
The VLAN ID of each VLAN group.
Snooping Enabled:
Enable MLD Snooping for each individual VLAN group. A maximum of 32
VLANs can be enabled at any one time.
MLD Querier:
A router is used to send MLD query messages to MLD enabled hosts. The
MLD router can also be called the MLD Querier. This option is used to enable
the MLD Querier function on an individual VLAN.
Compatibility:
Compatibility is maintained by hosts and routers taking appropriate actions
depending on the versions of MLD operating on hosts and routers within a
network. The allowed selection is MLD-Auto, Forced MLDv1 and Forced
MLDv2.
Default compatibility value is MLD-Auto.
RV:
Robustness Variable. The Robustness Variable allows tuning for the
expected packet loss on a network. The allowed range is 1 to 255;
Default robustness variable value is 2.
QI:
Query Interval. The Query Interval is the interval between General Queries
sent by the Querier. The allowed range is 1 to 31744 seconds;
Default query interval is 125 seconds.
QRI:
Query Response Interval. The Max Response Time is used to calculate the Max
Resp Code inserted into the periodic General Queries. The allowed range is 0
to 31744 in tenths of seconds;
Default query response interval is 100 in tenths of seconds (10 seconds).
LLQI (LMQI for MLD):
Last Member Query Interval. The Last Member Query Time is the time value
represented by the Last Member Query Interval, multiplied by the Last
Member Query Count. The allowed range is 0 to 31744 in tenths of seconds;
Default last member query interval is 10 in tenths of seconds (1 second).
URI:
Unsolicited Report Interval. The Unsolicited Report Interval is the time
between repetitions of a host's initial report of membership in a group. The
allowed range is 0 to 31744 seconds.
Default unsolicited report interval is 1 second.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.6-3 Port Group Filtering
With this feature, you can filter multicast joins on a per-port basis by configuring IP multicast profiles
and associating them with individual switch ports. An IGMP profile can contain one or more
multicast groups and, when applied to a port, denies access on that port to the configured multicast
address. If an IGMP profile denying access to a multicast group is applied to a switch port, the IGMP
join report requesting the stream of IP multicast traffic is dropped, and the port is not allowed to
receive IP multicast traffic from that group.
MLD filtering controls only MLD membership join reports and has no relationship to the function
that directs the forwarding of IP multicast traffic.
Web Interface
To configure the MLD Port Group Filtering entries via the Web Interface:
1. Click Configuration, MLD Snooping and Port Group Filtering.
2. Click Add New Filtering Group.
3. Specify the Multicast IP Address and click Apply to save the settings.
4. If you wish to delete an entry check the delete tick box and click Apply.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 55 Multicast Address Filtering
Parameter Description
Delete:
Check to delete the entry, and click Apply to save the changes and remove the
selected entry.
Port:
Select the port on which you would like to enable filtering for the configured Multicast
address.
Filtering Groups:
Enter the IP Address of the Multicast group to be filtered.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.6-4 Status
This section is used to view the status of all configured MLD parameters on the APS Series switches.
Web Interface
To view the MLD Status via the Web Interface:
1. Click Configuration, MLD Snooping and Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 56 MLD Status
Parameter Description
VLAN ID:
The VLAN ID of the entry.
Querier Version:
The current version of the MLD Querier.
Host Version:
The current version of the host.
Querier Status:
Shows the Querier status of either “Active” or “Idle”.
Queries Transmitted:
The number of transmitted queries.
Queries Received:
The number of received queries.
V1 Reports Received:
The number of Received V1 Reports.
V2 Reports Received:
The number of Received V2 Reports.
V1 Leaves Received:
The number of Received V2 Leaves.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.6-5 Groups Information
This section displays the learnt MLD groups. The MLD Group Table is sorted first by VLAN ID, and
then by group. They will use the last entry of the currently displayed table as a basis for the next
lookup. When the end is reached the text "No more entries" is shown in the displayed table. Use the
button to start over.
Web Interface
To view the MLD Group Information via the Web Interface:
1. Click Configuration, MLD Snooping and Groups Information.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 57 MLD group information
Parameter Description
VLAN ID:
The VLAN ID of the entry.
Groups:
MLD group address.
Port Members:
Physical Ports on the switch that belong to the MLD Multicast Group.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.6-6 IPv6 SSM Information
Source Specific Multicast (SSM) is a datagram delivery model that best supports one-to-many
applications, also known as broadcast applications. SSM is a core network technology of IP multicast
targeted for audio and video broadcast application environments.
For the SSM delivery mode, an IP multicast receiver host must use IGMP Version 3 (IGMPv3) to
subscribe to channel (S, G). By subscribing to this channel, the receiver host is indicating that it
wants to receive IP multicast traffic sent by source host S to group G. The network will deliver IP
multicast packets from source host S to group G to all hosts in the network that have subscribed to
the channel (S, G).
SSM does not require group address allocation within the network, only within each source host.
Different applications running on the same source host must use different SSM groups. Different
applications running on different source hosts can arbitrarily reuse SSM group addresses without
causing any excess traffic on the network.
Web Interface
To view the IPv6 SSM Information via the Web Interface:
1. Click Configuration, MLD Snooping and IPv6 SSM Information.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 58 IPv6 SSM information
Parameter Description
VLAN ID:
The VLAN ID of the entry.
Group:
Multicast Group Address.
Port:
Physical port number of the switch.
Mode:
Indicates the filtering mode maintained per (VLAN ID, port number, Group
Address) basis. It can be either Include or Exclude.
Source Address:
Source IP Address of the group, current limit on the system for filtering is
128 IP addresses.
Type:
Indicates the type, either Allow or Deny.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.7 MVR
Multicast VLAN registration (MVR) allows you to efficiently distribute IPTV multicast streams across
an Ethernet ring-based Layer 2 network and reduce the amount of bandwidth consumed by this
multicast traffic.
In a standard Layer 2 network, a multicast stream received on one VLAN is never distributed to
interfaces outside that VLAN. If hosts in multiple VLANs request the same multicast stream, a
separate copy of that multicast stream is distributed to the requesting VLANs.
MVR introduces the concept of a multicast source VLAN (MVLAN), which is created by MVR and
becomes the only VLAN over which IPTV multicast traffic flows throughout the Layer 2 network. The
Alloy APS Series Switches that are enabled for MVR selectively forward IPTV multicast traffic from
interfaces on the MVLAN (source interfaces) to hosts that are connected to interfaces that are not
part of the MVLAN. These interfaces are known as MVR receiver ports. The MVR receiver ports can
receive traffic from a port on the MVLAN but cannot send traffic onto the MVLAN, and they remain
in their own VLANs for bandwidth and security reasons.
1.2.7-1 Configuration
This section is used to enable and configure MVR on the APS Series switches.
Web Interface
To configure the MVR parameters via the Web Interface:
1. Click Configuration, MVR and Configuration.
2. Select to enable or disable MVR.
3. Configure settings for each individual port.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 59 MVR Configuration
Parameter Description
MVR Mode:
Used to enable or disable MVR globally on the switch.
VLAN ID:
Specify the VLAN ID used for Multicasting.
Port:
Physical port of the switch.
Mode:
Enable MVR on a per port basis.
Type:
Specify the port type, this can be either Receiver or Source. When set to
source, the port should be connected to a device that is sending the
multicast stream. If set to receiver, the port will be connected to a device
that wants to receive the multicast stream.
Immediate Leave:
Enable Multicast’s fast leave parameter on the port.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.7-2 Groups Information
This section displays the learnt MVR groups. The MVR Group Table is sorted first by VLAN ID, and
then by group. They will use the last entry of the currently displayed table as a basis for the next
lookup. When the end is reached the text "No more entries" is shown in the displayed table. Use the
button to start over.
Web Interface
To view the MVR Group Information via the Web Interface:
1. Click Configuration, MVR and Groups Information.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 60 MVR group information
Parameter Description
VLAN ID:
The VLAN ID of the entry.
Groups:
MVR group address.
Port Members:
Physical Ports on the switch that belong to the MLD Multicast Group.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.7-3 Statistics
This section is used to view the statistics of all configured MVR parameters on the APS Series
switches.
Web Interface
To view the MVR Statistics via the Web Interface:
1. Click Configuration, MVR and Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 61 MVR Statistics
Parameter Description
VLAN ID:
The VLAN ID of the entry.
V1 Reports Received:
The number of Received V1 Reports.
V2 Reports Received:
The number of Received V2 Reports.
V3 Reports Received:
The number of Received V3 Reports.
V2 Leaves Received:
The number of Received V2 Leaves.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.8 LLDP
LLDP enables Ethernet network devices, such as switches and routers, to transmit and/or receive
device-related information to or from directly connected devices on the network, and to store such
information learned about other devices. The data sent and received by LLDP is useful for many
reasons. The switch can discover neighbours—other devices directly connected to it. Devices can use
LLDP to advertise some parts of their Layer 2 configuration to their neighbours, enabling some kinds
of misconfiguration to be more easily detected and corrected.
LLDP is a link level (“one hop”) protocol; LLDP information can only be sent to and received from
devices that are directly connected to each other, or connected via a hub or repeater. Advertised
information is not forwarded on to other devices on the network.
The information transmitted in LLDP advertisements flows in one direction only, from one device to
its neighbours, and the communication ends there. Transmitted advertisements do not solicit
responses, and received advertisements do not solicit acknowledgement.
LLDP operates over physical ports (Layer 2) only. For example, it can be configured on switch ports
that belong to static or dynamic aggregated links (channel groups), but not on the aggregated links
themselves; and on switch ports that belong to VLANs, but not on the VLANs themselves.
1.2.8-1 LLDP Configuration
This section is used to enable and configure LLDP on the APS Series switches.
Web Interface
To configure the LLDP parameters via the Web Interface:
1. Click Configuration, LLDP and LLDP Configuration.
2. Modify any LLDP timing parameters if needed.
3. Set each port to disabled, enabled (two-way communication), Tx only or Rx only.
4. Specify the information to include in the TLV field of advertised messages.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 62 LLDP Configuration
Parameter Description
Tx Interval:
The switch will periodically transmit LLDP frames to its neighbours to ensure
the discovery information is kept up to date. The interval between each
LLDP frame is determined by the Tx Interval value.
Valid values are restricted to 5 – 32768 seconds.
Tx Hold:
Each LLDP frame contains information about how long the information in
the LLDP frame shall be considered valid. The LLDP information valid period
is set to Tx Hold multiplied by Tx Interval seconds.
Valid values are restricted to 2 - 10 times.
Tx Delay:
When configuration changes are made to a device, a new LLDP frame is
transmitted to update its information. The time between the frames being
sent will always be at least the value of “Tx Delay”. Tx Delay cannot be larger
than ¼ of the Tx Interval value.
Valid values are restricted to 1 – 8192 seconds.
Tx Reinit:
When a port is disabled, LLDP is disabled or the switch is rebooted, an LLDP
shutdown frame is transmitted to the neighbouring units, signalling that the
LLDP information isn't valid anymore. Tx Reinit controls the number of
seconds between the shutdown frame and a new LLDP initialization.
Valid values are restricted to 1 - 10 seconds.
Port:
Physical port of the switch.
Mode:
Used to select the LLDP mode for each port.
RX Only – The switch will not transmit LLDP frames from this port, but is
able to receive LLDP frames from other devices.
TX Only – Any received LLDP frames will be dropped, but the switch is able
to send LLDP frames.
Disabled – The switch will drop incoming LLDP frames and will not transmit
LLDP information.
Enabled – The switch can send and receive LLDP frames.
CDP Aware:
The CDP operation is restricted to decoding incoming CDP frames (The
switch doesn't transmit CDP frames). CDP frames are only decoded if LLDP
on the port is enabled. Only CDP TLVs that can be mapped to a
corresponding field in the LLDP neighbours table are decoded. All other TLVs
are discarded (Unrecognized CDP TLVs and discarded CDP frames are not
shown in the LLDP statistics.). CDP TLVs are mapped onto the LLDP neighbours
table.
Both the CDP and LLDP support "system capabilities", but the CDP
capabilities cover capabilities that are not part of the LLDP. These
capabilities are shown as "others" in the LLDP neighbours table. If all ports
have CDP awareness disabled the switch forwards CDP frames received from
neighbour devices. If at least one port has CDP awareness enabled all CDP
frames are terminated by the switch.
Tick the box to enable CDP on each individual port.
Port Descr:
Optional TLV: When checked the "port description" is included in LLDP
information transmitted.
Sys Name:
Optional TLV: When checked the "system name" is included in LLDP
information transmitted.
Sys Descr:
Optional TLV: When checked the "system description" is included in LLDP
information transmitted.
Sys Capa:
Optional TLV: When checked the "system capability" is included in LLDP
information transmitted.
Mgmt Addr:
Optional TLV: When checked the "management address" is included in LLDP
information transmitted.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
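An added example, not taken from the Alloy manual or firmware, for auditing the settings above: it checks the four timers against the documented ranges and decodes an LLDPDU to list which optional TLVs a port actually advertises and whether its TTL equals Tx Hold multiplied by Tx Interval. The function names, the sample frame and the timer values 30 and 4 are constructed for illustration; the cap at 65535 reflects the 16-bit TTL field.

```python
import struct

# TLV type numbers are from IEEE 802.1AB; the names are the tick-box labels above.
MANDATORY = [1, 2, 3]                       # Chassis ID, Port ID, TTL
OPTIONAL = {4: "Port Descr", 5: "Sys Name", 6: "Sys Descr",
            7: "Sys Capa", 8: "Mgmt Addr"}


def check_timers(tx_interval, tx_hold, tx_delay, tx_reinit):
    """Return the list of violations of the ranges given in the manual."""
    problems = []
    if not 5 <= tx_interval <= 32768:
        problems.append("Tx Interval must be 5-32768 seconds")
    if not 2 <= tx_hold <= 10:
        problems.append("Tx Hold must be 2-10 times")
    if not 1 <= tx_delay <= 8192:
        problems.append("Tx Delay must be 1-8192 seconds")
    if tx_delay * 4 > tx_interval:
        problems.append("Tx Delay is larger than 1/4 of Tx Interval")
    if not 1 <= tx_reinit <= 10:
        problems.append("Tx Reinit must be 1-10 seconds")
    return problems


def expected_ttl(tx_interval, tx_hold):
    """Validity period = Tx Hold x Tx Interval, capped by the 16-bit TTL field."""
    return min(tx_interval * tx_hold, 0xFFFF)


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type, 9-bit length, then the value."""
    if len(value) > 0x1FF:
        raise ValueError("TLV value longer than 511 bytes")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(payload):
    """Split an LLDPDU (the Ethernet payload) into (type, value) pairs."""
    tlvs, off = [], 0
    while off + 2 <= len(payload):
        (header,) = struct.unpack_from("!H", payload, off)
        tlv_type, length = header >> 9, header & 0x1FF
        off += 2
        if off + length > len(payload):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        tlvs.append((tlv_type, payload[off:off + length]))
        off += length
        if tlv_type == 0:                   # End of LLDPDU
            break
    return tlvs


def describe(tlv_type, value):
    """Human-readable form of an optional TLV value."""
    if tlv_type in (4, 5, 6):               # free-text TLVs
        return value.decode("utf-8", "replace")
    if tlv_type == 8 and len(value) >= 6 and value[0] == 5 and value[1] == 1:
        return ".".join(str(b) for b in value[2:6])   # IPv4 management address
    return value.hex()


def audit(payload, tx_interval, tx_hold):
    """Report the TTL and every optional TLV the sender discloses."""
    tlvs = parse_lldpdu(payload)
    if [t for t, _ in tlvs[:3]] != MANDATORY or len(tlvs[2][1]) != 2:
        raise ValueError("LLDPDU must start with Chassis ID, Port ID and a 2-byte TTL")
    (ttl,) = struct.unpack("!H", tlvs[2][1])
    return {
        "ttl": ttl,
        "shutdown": ttl == 0,               # TTL 0 marks a shutdown frame
        "ttl_matches_config": ttl == expected_ttl(tx_interval, tx_hold),
        "disclosed": {OPTIONAL[t]: describe(t, v) for t, v in tlvs if t in OPTIONAL},
    }


def sample_lldpdu(ttl=120):
    """Constructed LLDPDU with Sys Name, Sys Descr and Mgmt Addr ticked."""
    mgmt = bytes([5, 1, 192, 0, 2, 10, 2]) + struct.pack("!I", 1) + b"\x00"
    return b"".join([
        tlv(1, b"\x04" + bytes.fromhex("020000000001")),  # chassis ID: MAC address
        tlv(2, b"\x07" + b"3"),                           # port ID: locally assigned
        tlv(3, struct.pack("!H", ttl)),
        tlv(5, b"example-sw-1"),
        tlv(6, b"Example switch, firmware 0.0.0"),
        tlv(8, mgmt),
        tlv(0, b""),
    ])


if __name__ == "__main__":
    print(check_timers(tx_interval=30, tx_hold=4, tx_delay=10, tx_reinit=2))
    print(audit(sample_lldpdu(), tx_interval=30, tx_hold=4))
```

Comparing the "disclosed" keys with the boxes ticked for a port shows whether an edge port is advertising more than intended, for example a system description or management address.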
1.2.8-2 LLDP Neighbors
This section is used to display the neighbors that have been discovered by the APS Series switch.
Web Interface
To view the LLDP neighbors via the Web Interface:
1. Click Configuration, LLDP and LLDP Neighbors.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 63 LLDP Neighbour Information
Parameter Description
Local Port:
The port on which the LLDP frame was received.
Chassis ID:
The Chassis ID is the identification of the neighbour's LLDP frames.
Remote Port ID:
The Remote Port ID is the identification of the neighbour port.
System Name:
System Name is the name advertised by the neighbour unit.
Port Description:
Port Description is the port description advertised by the neighbour unit.
System Capabilities:
System Capabilities describes the neighbour unit's capabilities. The possible
capabilities are:
Other, Repeater, Bridge, WLAN Access Point, Router, Telephone, DOCSIS
cable device, Station only or Reserved.
When a capability is enabled, the capability is followed by (+). If the
capability is disabled, the capability is followed by (-).
System Description:
System Description is the port description advertised by the neighbour unit.
Management Address:
Management Address is the neighbour unit's address that is used for higher
layer entities to assist discovery by the network management. This could for
instance hold the neighbour's IP address.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.8-3 LLDP-MED Configuration
Media Endpoint Discovery, known as LLDP-MED, is an enhancement of LLDP that provides the
following facilities:
Auto-discovery of LAN policies (such as VLAN, Layer 2 Priority and Differentiated services (Diffserv)
settings) enabling plug and play networking.
Device location discovery to allow creation of location databases and, in the case of Voice over
Internet Protocol (VoIP), Enhanced 911 services.
Extended and automated power management of Power over Ethernet (PoE) end points.
Inventory management, allowing network administrators to track their network devices, and
determine their characteristics (manufacturer, software and hardware versions, and serial or asset
number).
This page allows you to configure the LLDP-MED. This function applies to VoIP devices which support
LLDP-MED.
Web Interface
To configure the LLDP-MED parameters via the Web Interface:
1. Click Configuration, LLDP and LLDP-MED Configuration.
2. Modify the fast repeat setting if required.
3. Fill in the required fields for the location parameters.
4. Add a new LLDP-MED policy and configure additional settings.
5. Assign Policy for required ports.
6. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 64 LLDP-MED Configuration
Parameter Description
Fast Start Repeat Count:
Rapid startup and Emergency Call Service Location Identification Discovery
of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to
advertise only those pieces of information which are specifically relevant to particular endpoint
types (for example only advertise the voice network policy to permitted voice-capable devices), both
in order to conserve the limited LLDPDU space and to reduce security and system integrity issues that
can come with inappropriate knowledge of the network policy.
With this in mind LLDP-MED defines an LLDP-MED Fast Start interaction between the protocol and
the application layers on top of the protocol, in order to achieve these related properties. Initially, a
Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED
Endpoint Device is detected, will an LLDP-MED capable Network Connectivity Device start to
advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application
will temporarily speed up the transmission of the LLDPDU to start within a second, when a new
LLDP-MED neighbour has been detected in order to share LLDP-MED information as fast as possible
to new neighbours.
Because there is a risk of an LLDP frame being lost during transmission between neighbours, it is
recommended to repeat the fast start transmission multiple times to increase the possibility of the
neighbours receiving the LLDP frame. With Fast start repeat count it is possible to specify the
number of times the fast start transmission will be repeated. The recommended value is 4 times,
given that 4 LLDP frames with a 1 second interval will be transmitted, when an LLDP frame with new
information is received.
It should be noted that LLDP-MED and the LLDP-MED Fast Start mechanism are only intended to run
on links between LLDP-MED Network Connectivity Devices and Endpoint Devices, and as such does
not apply to links between LAN infrastructure elements, including Network Connectivity Devices, or
other types of links.
Latitude:
Latitude SHOULD be normalized to within 0-90 degrees with a maximum of
4 digits. It is possible to specify the direction to either North of the equator
or South of the equator.
Longitude:
Longitude SHOULD be normalized to within 0-180 degrees with a maximum
of 4 digits. It is possible to specify the direction to either East of the prime
meridian or West of the prime meridian.
Altitude:
Altitude SHOULD be normalized to within -32767 to 32767 with a maximum
of 4 digits. It is possible to select between two altitude types (floors or
meters).
Meters: Representing meters of Altitude defined by the vertical datum
specified.
Floors: Representing altitude in a form more relevant in buildings which
have different floor-to-floor dimensions. An altitude = 0.0 is meaningful
even outside a building, and represents ground level at the given latitude
and longitude. Inside a building, 0.0 represents the floor level associated
with ground level at the main entrance.
Map Datum:
The Map Datum is used for the coordinates given in these options:
WGS84: (Geographical 3D) - World Geodetic System 1984, CRS Code 4327,
and Prime Meridian Name: Greenwich.
NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime
Meridian Name: Greenwich; the associated vertical datum is the North
American Vertical Datum of 1988 (NAVD88). This datum pair is to be used
when referencing locations on land, not near tidal water (which would use
Datum = NAD83/MLLW).
NAD83/MLLW: North American Datum 1983, CRS Code 4269, Prime
Meridian Name: Greenwich; the associated vertical datum is Mean Lower
Low Water (MLLW). This datum pair is to be used when referencing
locations on water/sea/ocean.
Country Code:
The two-letter ISO 3166 country code in capital ASCII letters - Example: DK,
DE or US.
State:
National subdivisions (state, canton, region, province, prefecture).
County:
County, parish, gun (Japan), district.
City:
City, township, shi (Japan) - Example: Melbourne.
City District:
City division, borough, city district, ward, chou (Japan).
Block:
Neighbourhood, block.
Street:
Street name.
Leading Street Direction:
Leading street direction - Example: N.
Trailing Street suffix:
Trailing street suffix - Example: SW.
Street Suffix:
Street suffix - Example: Ave
House No:
House number - Example: 585
House no. suffix:
House number suffix - Example: A, ½
Landmark:
Landmark or vanity address - Example: Monash University.
Additional Location Info:
Additional location info - Example: South Wing.
Name:
Name (residence and/or office occupant) - Example: John Smith
Zip Code:
Postal/zip code - Example: 3168
Building:
Building (structure) - Example: Low Library.
Apartment:
Unit (Apartment, suite) - Example: 4
Floor:
Floor number.
Room no:
Room number – Example: 56
Place Type:
Place Type – Example: Technical Area
Postal Community Name:
Postal community name - Example: Leonia.
P.O. Box:
Post office box (P.O. BOX) - Example: PO Box 16
Additional Code:
Additional code - Example: 1320300003
Emergency Call Service:
Emergency Call Service (e.g. 000 and others), such as defined by TIA or
NENA.
Policies:
Network Policy Discovery enables the efficient discovery and diagnosis of
mismatch issues with the VLAN configuration, along with the associated
Layer 2 and Layer 3 attributes, which apply for a set of specific protocol
applications on that port. Improper network policy configurations are a very
significant issue in VoIP environments that frequently result in voice quality
degradation or loss of service. Policies are only intended for use with
applications that have specific 'real-time' network policy requirements, such
as interactive voice and/or video services.
The network policy attributes advertised are:
1. Layer 2 VLAN ID (IEEE 802.1Q-2003)
2. Layer 2 priority value (IEEE 802.1D-2004)
3. Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple
sets of application types supported on a given port. The application types
specifically addressed are:
1. Voice
2. Guest Voice
3. Softphone Voice
4. Video Conferencing
5. Streaming Video
6. Control / Signalling (conditionally support a separate network policy for
the media types above)
A large network may support multiple VoIP policies across the entire
organization, and different policies per application type. LLDP-MED allows
multiple policies to be advertised per port, each corresponding to a different
application type. Different ports on the same Network Connectivity Device
may advertise different sets of policies, based on the authenticated user
identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than
between Network Connectivity Devices and Endpoints, and therefore does
not need to advertise the multitude of network policies that frequently run
on an aggregated link interior to the LAN.
Delete:
Click the delete button next to a policy to remove that policy.
Policy ID:
ID for the policy. This is auto generated and shall be used when selecting the
policies that shall be mapped to the specific ports.
Application Type:
Intended use of the application types:
1. Voice - for use by dedicated IP Telephony handsets and other similar
appliances supporting interactive voice services. These devices are typically
deployed on a separate VLAN for ease of deployment and enhanced security
by isolation from data applications.
2. Voice Signalling (conditional) - for use in network topologies that require a
different policy for the voice signalling than for the voice media. This
application type should not be advertised if all the same network policies
apply as those advertised in the Voice application policy.
3. Guest Voice - support a separate 'limited feature-set' voice service for
guest users and visitors with their own IP Telephony handsets and other
similar appliances supporting interactive voice services.
4. Guest Voice Signalling (conditional) - for use in network topologies that
require a different policy for the guest voice signalling than for the guest
voice media. This application type should not be advertised if all the same
network policies apply as those advertised in the Guest Voice application
policy.
5. Softphone Voice - for use by softphone applications on typical data
centric devices, such as PCs or laptops. This class of endpoints frequently
does not support multiple VLANs, if at all, and is typically configured to use
an 'untagged' VLAN or a single 'tagged' data specific VLAN. When a network
policy is defined for use with an 'untagged' VLAN (see Tagged flag below),
then the L2 priority field is ignored and only the DSCP value has relevance.
6. Video Conferencing - for use by dedicated Video Conferencing equipment
and other similar appliances supporting real-time interactive video/audio
services.
7. Streaming Video - for use by broadcast or multicast based video content
distribution and other similar applications supporting streaming video
services that require specific network policy treatment. Video applications
relying on TCP with buffering would not be an intended use of this
application type.
8. Video Signalling (conditional) - for use in network topologies that require
a separate policy for the video signalling than for the video media. This
application type should not be advertised if all the same network policies
apply as those advertised in the Video Conferencing application policy.
Tag:
Tag indicating whether the specified application type is using a 'tagged' or an
'untagged' VLAN.
Untagged indicates that the device is using an untagged frame format and as
such does not include a tag header as defined by IEEE 802.1Q-2003. In this
case, both the VLAN ID and the Layer 2 priority fields are ignored and only
the DSCP value has relevance.
Tagged indicates that the device is using the IEEE 802.1Q tagged frame
format, and that both the VLAN ID and the Layer 2 priority values are being
used, as well as the DSCP value. The tagged format includes an additional
field, known as the tag header. The tagged frame format also includes
priority tagged frames as defined by IEEE 802.1Q-2003.
VLAN ID:
VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003.
L2 Priority:
L2 Priority is the Layer 2 priority to be used for the specified application
type. L2 Priority may specify one of eight priority levels (0 through 7), as
defined by IEEE 802.1D-2004. A value of 0 represents use of the default
priority as defined in IEEE 802.1D-2004.
DSCP:
DSCP value to be used to provide Diffserv node behaviour for the specified
application type as defined in IETF RFC 2474. DSCP may contain one of 64
code point values (0 through 63). A value of 0 represents use of the default
DSCP value as defined in RFC 2475.
Add New Policy:
Click to add a new policy. Specify the Application type, Tag, VLAN ID, L2
Priority and DSCP for the new policy. Click "Save".
Port:
The port number to which the configuration applies.
Policy ID:
The set of policies that shall apply to a given port. The set of policies is
selected by ticking the checkboxes corresponding to the policies.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.8-4 LLDP-MED Neighbors
This page provides a status overview of all LLDP-MED neighbors. The displayed table contains a row
for each port on which an LLDP neighbour is detected. This function applies to VoIP devices which
support LLDP-MED.
Web Interface
To view the LLDP-MED neighbors that have been learnt from the switch via the Web Interface:
1. Click Configuration, LLDP and LLDP-MED Neighbors.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 65 LLDP-MED Neighbours
Parameter Description
Port:
The port on which the LLDP frames have been received.
Device Type:
LLDP-MED Devices are comprised of two primary Device Types: Network
Connectivity Devices and Endpoint Devices.
LLDP-MED Network Connectivity Device Definition
LLDP-MED Network Connectivity Devices, as defined in TIA-1057, provide
access to the IEEE 802 based LAN infrastructure for LLDP-MED Endpoint
Devices. An LLDP-MED Network Connectivity Device is a LAN access device
based on any of the following technologies:
1. LAN Switch/Router
2. IEEE 802.1 Bridge
3. IEEE 802.3 Repeater (included for historical reasons)
4. IEEE 802.11 Wireless Access Point
5. Any device that supports the IEEE 802.1AB and MED extensions defined
by TIA-1057 and can relay IEEE 802 frames via any method.
LLDP-MED Endpoint Device Definition:
LLDP-MED Endpoint Devices, as defined in TIA-1057, are located at the IEEE
802 LAN network edge, and participate in IP communication service using
the LLDP-MED framework.
Within the LLDP-MED Endpoint Device category, the LLDP-MED scheme is
broken into further Endpoint Device Classes, as defined in the following.
Each LLDP-MED Endpoint Device Class is defined to build upon the
capabilities defined for the previous Endpoint Device Class. For example,
any LLDP-MED Endpoint Device claiming compliance as a Media Endpoint
(Class II) will also support all aspects of TIA-1057 applicable to Generic Endpoints
(Class I), and any LLDP-MED Endpoint Device claiming compliance as a
Communication Device (Class III) will also support all aspects of TIA-1057
applicable to both Media Endpoints (Class II) and Generic Endpoints (Class I).
LLDP-MED Generic Endpoint (Class I):
The LLDP-MED Generic Endpoint (Class I) definition is applicable to all
endpoint products that require the base LLDP discovery services defined in
TIA-1057, however do not support IP media or act as an end-user
communication appliance. Such devices may include (but are not limited to)
IP Communication Controllers, other communication related servers, or any
device requiring basic services as defined in TIA-1057.
Discovery services defined in this class include LAN configuration, device
location, network policy, power management, and inventory management.
LLDP-MED Media Endpoint (Class II):
The LLDP-MED Media Endpoint (Class II) definition is applicable to all
endpoint products that have IP media capabilities however may or may not
be associated with a particular end user. Capabilities include all of the
capabilities defined for the previous Generic Endpoint Class (Class I), and are
extended to include aspects related to media streaming. Example product
categories expected to adhere to this class include (but are not limited to)
Voice / Media Gateways, Conference Bridges, Media Servers, and similar.
Discovery services defined in this class include media-type-specific network
layer policy discovery.
LLDP-MED Communication Endpoint (Class III):
The LLDP-MED Communication Endpoint (Class III) definition is applicable to
all endpoint products that act as end user communication appliances
supporting IP media. Capabilities include all of the capabilities defined for
the previous Generic Endpoint (Class I) and Media Endpoint (Class II) classes,
and are extended to include aspects related to end user devices. Example
product categories expected to adhere to this class include (but are not
limited to) end user communication appliances, such as IP Phones, PC-based
softphones, or other communication appliances that directly support the
end user. Discovery services defined in this class include provision of location
identifier (including ECS / E911 information), embedded L2 switch support,
inventory management.
LLDP-MED Capabilities:
LLDP-MED Capabilities describes the neighbour unit's LLDP-MED
capabilities. The possible capabilities are:
1. LLDP-MED capabilities
2. Network Policy
3. Location Identification
4. Extended Power via MDI – PSE
5. Extended Power via MDI – PD
6. Inventory
7. Reserved
Application Type:
Application Type indicates the primary function of the application(s)
defined for this network policy, advertised by an Endpoint or Network
Connectivity Device. The possible application types are shown below.
1. Voice - for use by dedicated IP Telephony handsets and other similar
appliances supporting interactive voice services. These devices are typically
deployed on a separate VLAN for ease of deployment and enhanced security
by isolation from data applications.
2. Voice Signalling - for use in network topologies that require a different
policy for the voice signalling than for the voice media.
3. Guest Voice - to support a separate limited feature-set voice service for
guest users and visitors with their own IP Telephony handsets and other
similar appliances supporting interactive voice services.
4. Guest Voice Signalling - for use in network topologies that require a
different policy for the guest voice signalling than for the guest voice media.
5. Softphone Voice - for use by softphone applications on typical data
centric devices, such as PCs or laptops.
6. Video Conferencing - for use by dedicated Video Conferencing equipment
and other similar appliances supporting real-time interactive video/audio
services.
7. Streaming Video - for use by broadcast or multicast based video content
distribution and other similar applications supporting streaming video
services that require specific network policy treatment. Video applications
relying on TCP with buffering would not be an intended use of this
application type.
8. Video Signalling - for use in network topologies that require a separate
policy for the video signalling than for the video media.
Policy:
Policy indicates that an Endpoint Device wants to explicitly advertise that
the policy is required by the device. Can be either Defined or Unknown.
Unknown: The network policy for the specified application type is currently
unknown.
Defined: The network policy is defined.
TAG:
TAG is indicative of whether the specified application type is using a tagged
or an untagged VLAN. Can be Tagged or Untagged.
Untagged: The device is using an untagged frame format and as such does
not include a tag header as defined by IEEE 802.1Q-2003.
Tagged: The device is using the IEEE 802.1Q tagged frame format.
VLAN ID:
VLAN ID is the VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003.
A value of 1 through 4094 is used to define a valid VLAN ID. A value of
0 (Priority Tagged) is used if the device is using priority tagged frames as
defined by IEEE 802.1Q-2003, meaning that only the IEEE 802.1D priority
level is significant and the default PVID of the ingress port is used instead.
Priority:
Priority is the Layer 2 priority to be used for the specified application type.
One of the eight priority levels (0 through 7).
DSCP:
DSCP is the DSCP value to be used to provide Diffserv node behaviour for
the specified application type as defined in IETF RFC 2474. It contains one of 64
code point values (0 through 63).
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
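The Policy, TAG, VLAN ID, Priority and DSCP rules described above can be checked with a small decoder for the LLDP-MED Network Policy TLV, which also reports where a neighbour's advertised policy differs from the one configured for the port. This is an added example, not code from this manual or the APS firmware; the bit layout (TIA OUI 00-12-BB, subtype 2, then U/T/X flags, 12-bit VLAN ID, 3-bit priority, 6-bit DSCP) is taken from TIA-1057 rather than from this page, and the sample TLVs in the comments are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional

TIA_OUI = bytes.fromhex("0012bb")   # OUI carried by LLDP-MED TLVs (per TIA-1057)
NETWORK_POLICY_SUBTYPE = 2          # LLDP-MED Network Policy TLV subtype

APPLICATION_TYPES = {
    1: "Voice", 2: "Voice Signalling", 3: "Guest Voice",
    4: "Guest Voice Signalling", 5: "Softphone Voice",
    6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signalling",
}


@dataclass
class NetworkPolicy:
    application_type: str
    policy: str                  # "Defined" or "Unknown"
    tag: str                     # "Tagged" or "Untagged"
    vlan_id: Optional[int]       # None when the field is ignored (untagged)
    priority: Optional[int]      # None when the field is ignored (untagged)
    dscp: int
    notes: List[str] = field(default_factory=list)


def decode_network_policy(info: bytes) -> NetworkPolicy:
    """Decode the 8-octet information string of a Network Policy TLV.

    Layout after OUI and subtype: application type (8 bits), U flag (1),
    T flag (1), reserved X (1), VLAN ID (12), L2 priority (3), DSCP (6).
    """
    if len(info) != 8 or info[:3] != TIA_OUI or info[3] != NETWORK_POLICY_SUBTYPE:
        raise ValueError("not an LLDP-MED Network Policy TLV")

    bits = int.from_bytes(info[5:8], "big")
    unknown = bool((bits >> 23) & 1)
    tagged = bool((bits >> 22) & 1)
    vlan_id: Optional[int] = (bits >> 9) & 0xFFF
    priority: Optional[int] = (bits >> 6) & 0x7
    dscp = bits & 0x3F

    notes = []
    app = APPLICATION_TYPES.get(info[4])
    if app is None:
        app = "Reserved (%d)" % info[4]
        notes.append("application type is not one of the eight listed types")

    if not tagged:
        # Untagged: VLAN ID and L2 priority are ignored, only DSCP is relevant.
        vlan_id, priority = None, None
    elif vlan_id == 0:
        notes.append("priority tagged: only the priority is significant, "
                     "the ingress port's default PVID is used")
    elif vlan_id == 4095:
        notes.append("VLAN ID 4095 is outside the valid range 1-4094")

    return NetworkPolicy(
        application_type=app,
        policy="Unknown" if unknown else "Defined",
        tag="Tagged" if tagged else "Untagged",
        vlan_id=vlan_id, priority=priority, dscp=dscp, notes=notes,
    )


def policy_mismatches(configured: NetworkPolicy, advertised: NetworkPolicy) -> List[str]:
    """Names of the fields on which a neighbour's policy differs from the
    policy configured for the port. Ignored fields decode to None, so an
    untagged policy is compared on DSCP only."""
    fields = ("application_type", "policy", "tag", "vlan_id", "priority", "dscp")
    return [f for f in fields if getattr(configured, f) != getattr(advertised, f)]


if __name__ == "__main__":
    # Constructed samples: Voice, tagged, priority 5, DSCP 46, VLAN 100 vs VLAN 200.
    configured = decode_network_policy(bytes.fromhex("0012bb020140c96e"))
    advertised = decode_network_policy(bytes.fromhex("0012bb020141916e"))
    print(configured)
    print(advertised)
    print("mismatch:", policy_mismatches(configured, advertised))
```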
1.2.8-5 EEE
This page provides an overview of EEE information exchanged by LLDP.
Web Interface
To view the LLDP EEE information that has been discovered from the switch via the Web Interface:
1. Click Configuration, LLDP and EEE.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 66 LLDP EEE Information
Parameter Description
Local Port:
The port on which the LLDP EEE information frames have been transmitted
or received.
Tx Tw:
The link partner’s maximum time that the transmit path can hold off sending
data after reassertion of LPI.
Rx Tw:
The link partner’s time that the receiver would like the transmitter to hold
off to allow time for the receiver to wake from sleep.
Fallback Receive Tw:
The link partner’s fallback receive Tw.
A receiving link partner may inform the transmitter of an alternate desired
Tw_sys_tx. Since a receiving link partner is likely to have discrete levels for
savings, this provides the transmitter with additional information that it may
use for a more efficient allocation. Systems that do not implement this
option default the value to be the same as that of the Receive Tw_sys_tx.
Echo Tx Tw:
The link partner's Echo Tx Tw value.
The respective echo values shall be defined as the local link partner’s
reflection (echo) of the remote link partner's respective values. When a local
link partner receives its echoed values from the remote link partner it can
determine whether or not the remote link partner has received, registered
and processed its most recent values. For example, if the local link partner
receives echoed parameters that do not match the values in its local MIB,
then the local link partner infers that the remote link partner's request was
based on stale information.
Echo Rx Tw:
The link partner's Echo Rx Tw value.
Resolved Tx Tw:
The resolved Tx Tw for this link. Note: this is NOT the link partner's value, but
the resolved value that is the actual "tx wakeup time" used for this link
(based on EEE information exchanged via LLDP).
Resolved Rx Tw:
The resolved Rx Tw for this link. Note: this is NOT the link partner's value, but
the resolved value that is the actual "rx wakeup time" used for this link
(based on EEE information exchanged via LLDP).
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.8-6 Port Statistics
This section displays two types of counters. Global counters are counters that refer to the whole
switch, while local counters refer to per port counters for the currently selected switch.
Web Interface
To view the LLDP Port Statistics from the switch via the Web Interface:
1. Click Configuration, LLDP and Port Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 67 LLDP Port Statistics
Parameter Description
Neighbour entries were last changed:
Shows the time when the last entry was last deleted or added. It also shows
the time elapsed since the last change was detected.
Total Neighbours Entries Added:
Shows the number of new entries added since switch reboot.
Total Neighbours Entries Deleted:
Shows the number of new entries deleted since switch reboot.
Total Neighbours Entries Dropped:
Shows the number of new entries dropped since switch reboot.
Total Neighbours Entries Aged Out:
Shows the number of entries deleted due to Time-To-Live expiring.
Local Port:
The Port on which LLDP frames are received or transmitted.
Tx Frames:
The number of LLDP frames transmitted on the port.
Rx Frames:
The number of LLDP frames received on the port.
Rx Errors:
The number of received LLDP frames containing some kind of error.
Frames Discarded:
If an LLDP frame is received on a port, and the switch's internal table has run
full, the LLDP frame is counted and discarded. This situation is known as "Too
Many Neighbours" in the LLDP standard. LLDP frames require a new entry in
the table when the Chassis ID or Remote Port ID is not already contained
within the table. Entries are removed from the table when a given port's link
is down, an LLDP shutdown frame is received, or when the entry ages out.
TLV’s Discarded:
Each LLDP frame can contain multiple pieces of information, known as TLVs
(TLV is short for "Type Length Value"). If a TLV is malformed, it is counted
and discarded.
TLV’s Unrecognised:
The number of well-formed TLVs, but with an unknown type value.
Org. Discarded:
The number of organizationally received TLVs.
Age-Outs:
Each LLDP frame contains information about how long the LLDP
information is valid (age-out time). If no new LLDP frame is received within
the age out time, the LLDP information is removed, and the Age-Out counter
is incremented.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
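To help interpret the per-port counters above, the following model walks the TLVs of received LLDPDUs and maintains a bounded neighbour table, incrementing Rx Errors, Frames Discarded, TLVs Discarded, TLVs Unrecognised and Age-Outs under the conditions this section describes. It is an added example, not the switch's implementation: the TLV header layout (7-bit type, 9-bit length) and the reserved type range come from IEEE 802.1AB, the table size, class and function names are assumptions, link-down removal is not modelled, and all frames are constructed.

```python
import struct

END, CHASSIS_ID, PORT_ID, TTL, ORG_SPECIFIC = 0, 1, 2, 3, 127
KNOWN_TYPES = set(range(0, 9)) | {ORG_SPECIFIC}   # types 9-126 are reserved


def tlv(tlv_type, value=b""):
    """Encode one TLV: 7-bit type and 9-bit length, followed by the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_tlvs(lldpdu):
    """Return (tlvs, truncated). truncated is True when a TLV's length field
    runs past the end of the frame, i.e. the TLV is malformed."""
    tlvs, offset = [], 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            return tlvs, True
        if tlv_type == END:
            break
        tlvs.append((tlv_type, lldpdu[offset:offset + length]))
        offset += length
    return tlvs, False


class LldpPort:
    """One port's neighbour table plus the counters shown on the statistics page."""

    def __init__(self, max_neighbours):
        self.max_neighbours = max_neighbours      # assumed table size
        self.table = {}                           # (Chassis ID, Remote Port ID) -> expiry
        self.stats = dict.fromkeys(
            ["rx_frames", "rx_errors", "frames_discarded",
             "tlvs_discarded", "tlvs_unrecognised", "age_outs"], 0)

    def receive(self, lldpdu, now):
        self.stats["rx_frames"] += 1
        tlvs, truncated = parse_tlvs(lldpdu)
        # Chassis ID, Port ID and TTL must be the first three TLVs, in that order.
        mandatory_ok = ([t for t, _ in tlvs[:3]] == [CHASSIS_ID, PORT_ID, TTL]
                        and len(tlvs[2][1]) == 2)
        if truncated:                             # malformed TLV: counted and discarded
            self.stats["tlvs_discarded"] += 1
        if truncated or not mandatory_ok:         # frame contained some kind of error
            self.stats["rx_errors"] += 1
        if not mandatory_ok:
            return
        self.stats["tlvs_unrecognised"] += sum(
            t not in KNOWN_TYPES for t, _ in tlvs[3:])
        key = (tlvs[0][1], tlvs[1][1])
        (ttl,) = struct.unpack("!H", tlvs[2][1])
        if ttl == 0:                              # LLDP shutdown frame
            self.table.pop(key, None)
        elif key in self.table or len(self.table) < self.max_neighbours:
            self.table[key] = now + ttl           # new entry or refresh
        else:                                     # "Too Many Neighbours"
            self.stats["frames_discarded"] += 1

    def age(self, now):
        """Remove entries whose age-out time has passed."""
        expired = [k for k, expiry in self.table.items() if expiry <= now]
        for k in expired:
            del self.table[k]
        self.stats["age_outs"] += len(expired)


def frame(chassis, port_name, ttl, extra=b""):
    """Constructed LLDPDU: Chassis ID (MAC, subtype 4), Port ID (name, subtype 5), TTL."""
    return (tlv(CHASSIS_ID, b"\x04" + chassis) + tlv(PORT_ID, b"\x05" + port_name)
            + tlv(TTL, struct.pack("!H", ttl)) + extra + tlv(END))


def run_demo():
    port = LldpPort(max_neighbours=2)
    a, b, c, d = (bytes([0x02, 0, 0, 0, 0, n]) for n in range(1, 5))
    port.receive(frame(a, b"eth0", 120), now=0)                       # new entry
    port.receive(frame(b, b"eth0", 120, extra=tlv(50, b"x")), now=1)  # reserved type
    port.receive(frame(c, b"eth0", 120), now=2)                       # table is full
    port.receive(frame(a, b"eth0", 120), now=3)                       # refresh
    port.receive(frame(b, b"eth0", 0), now=4)                         # shutdown frame
    # Last TLV claims 20 octets but only 3 follow.
    bad = frame(d, b"eth0", 120)[:-2] + struct.pack("!H", (5 << 9) | 20) + b"abc"
    port.receive(bad, now=5)
    port.age(now=200)
    return port.stats, port.table


if __name__ == "__main__":
    print(run_demo())
```

A Frames Discarded counter that keeps rising on an access port means more distinct Chassis ID and Remote Port ID pairs are arriving than the table can hold, which is worth investigating on a port that should have a single neighbour.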
1.2.9 POE
PoE or Power over Ethernet is an IEEE standard used to pass electrical power along with data over
standard Ethernet Cable. Utilising 2 of the 4 pairs of an Ethernet Cable, PoE provides up to 15.4W
(IEEE 802.3af) or 25.5W (IEEE 802.3at) of power. PoE is used to power devices such as IP Phones,
Wireless Access Points and IP Cameras. Being able to use a single cable to run both data and power
saves in cabling costs, helps unclutter messy cables on your desk and is perfect for those
environments where a power point is not able to be installed where your Ethernet equipment is
needed.
The APS Series switches are IEEE 802.3at compliant and can supply up to 25.5W per port.
Advanced features such as PoE Power scheduling, PoE priority and having the ability to allocate a
particular amount of power per port are just some of the features that the APS series support.
1.2.9-1 Configuration
This section is used to enable/disable PoE on a per port basis, set the priority level and set the
maximum power allowed per port on the APS Series switches.
Web Interface
To configure the PoE Configuration parameters via the Web Interface:
1. Click Configuration, PoE and Configuration.
2. Select to enable or disable PoE on each port.
3. Set the required priority level and set the maximum power allowed for the port.
4. Tick the reset button next to the required port to reset the device connected.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 68 PoE Configuration
Parameter Description
Primary Power Supply:
This is a read only value and displays the total power available for PoE
power.
Retry Time:
The time before the switch will try and negotiate the supply of power to a
connected device.
Port:
Physical port of the switch.
PoE Mode:
Used to enable or disable PoE on the selected port.
Priority:
A priority can be set per port. In case of switch PoE power overload the
ports with the highest priority will continue to function, those with low
priority will be powered off. Valid values are Low, High, Critical.
Default: Low
Maximum Power (W):
Each port can have a maximum power value set. Please ensure the total
maximum power is not greater than that of the switch's total power
budget.
Reset:
Tick the Reset box next to the required port to reset the device connected to
it.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.9-2 Status
This section is used to display the PoE status of each of the ports. Information such as the PoE Class and
how much power the device is using can be viewed here.
Web Interface
To view the status of each PoE Port via the Web Interface:
1. Click Configuration, PoE and Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 69 PoE Port Status
Parameter Description
Local Port:
Physical port of the switch.
PD Class:
Identifies the PD Class of the device connected to the Port. PD Classes
stipulate the amount of power the connected device may draw. PoE PD
Classes can be Class 0, 1, 2, 3 and 4.
Power Requested:
Displays the power requested by the device. This power figure is based on
the PD class of the device.
Power Allocated:
Displays the amount of power allocated by the switch for that port.
Power Used:
The actual power being drawn by the connected PoE device.
Current Used:
Displays the current being drawn by the connected PoE device.
Priority:
The current priority set for the port.
Port Status:
Displays the status of the port.
No PD Detected: No PoE device is connected to the port.
PoE Turned On: Indicates that a PoE device is connected to the port and is
drawing power.
1.2.9-3 Power Delay
This section is used to configure time periods in which particular ports will power on the connected
PoE devices.
Web Interface
To configure the PoE Power Delay function via the Web Interface:
1. Click Configuration, PoE and Power Delay.
2. Enable or Disable the Power Delay function for each port and set the delay period in
seconds.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 70 PoE Power Delay
Parameter Description
Port:
Physical port of the switch.
Delay Mode:
Enable or Disable the Power Delay function.
Delay Time:
Set the delay time in seconds. When set, once the switch is powered on, the
switch will not supply power to this port until the delay period is reached.
Valid values: 0 – 300 seconds
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.9-4 Auto Checking
The APS Series PoE switches have a feature that allows the administrator to constantly monitor the
PD device connected to the switch. Periodically it will ping the device; if there is no response, the
switch can reboot the device.
Web Interface
To configure the PoE Auto Checking function via the Web Interface:
1. Click Configuration, PoE and Auto Checking.
2. Enter the IP Address and time intervals into the sections provided.
3. Configure the appropriate Failure action and the reboot time for the device.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 71 PoE Auto Checking
Parameter Description
Port:
Physical port of the switch.
Ping IP Address:
The IP Address of the PD device connected to this port.
Interval Time:
Enter the Interval time in seconds. This is the time between pinging the
connected device. Default is 30 seconds.
Retry Time:
How many times the switch will try and ping the device before the failure is
logged and the Failure Action is implemented.
Default is 3.
Failure Log:
Displays the number of errors and the number of times the device has
entered the failure state.
Failure Action:
Select the appropriate action to be performed once the PD device cannot be
detected. Options are Nothing and Reboot Remote PD.
Reboot Time:
The time for the device to reboot before the switch will start checking its
state.
Default is 15 seconds.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.9-5 Scheduling
The APS Series PoE switches support a PoE Scheduling feature that allows the administrator to
power off devices when they are not in use. This can be used as a power saving feature to limit the
amount of power draw of the switch.
Web Interface
To configure the PoE Scheduling function via the Web Interface:
1. Click Configuration, PoE and Scheduling.
2. Select the port from the drop down box and select to enable or disable the scheduling
feature.
3. Set the time required for the device to be powered on by ticking the check boxes next to the
appropriate time and days.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 72 PoE Scheduling
Parameter Description
Port:
Select the port to configure from the drop down box.
Status:
Enable or Disable the scheduling feature for the selected port.
Select All:
This is used to enable the device to be powered on at all times.
Time and Day:
Select the appropriate time and day by ticking the check boxes. The ticked
check boxes state when the device will be powered on.
Apply Button:
Used to save the settings configured on this page.
1.2.10 Filtering Data Base
Switching of frames is based upon the Destination MAC address contained in the frame. The switch
builds up a table that maps MAC addresses to switch ports for knowing which ports the frames
should go to (based upon the Destination MAC address in the frame). This table contains both static
and dynamic entries. The static entries are configured by the network administrator if the
administrator wants to do a fixed mapping between the Destination MAC address and switch ports.
The frames also contain a Source MAC address (SMAC address), which shows the MAC address of
the equipment sending the frame. The SMAC address is used by the switch to automatically update
the MAC table with these dynamic MAC addresses. Dynamic entries are removed from the MAC
table if no frame with the corresponding SMAC address has been seen after a configurable age time.
1.2.10-1 Configuration
This section is used to configure MAC Address settings on the APS Series switches.
Web Interface
To configure the MAC filtering parameters via the Web Interface:
1. Click Configuration, Filtering Database and Configuration.
2. Specify the Disable Automatic Aging and Aging Time.
3. Change the way individual ports can learn MAC Address information.
4. Configure static MAC Address entries if required.
Fig. 73 MAC Filtering Configuration
Parameter Description
Aging Configuration:
By default, dynamic entries are removed from the MAC table after 300
seconds. This removal is also called aging.
Configure aging time by entering a value here in seconds.
The allowed range is 10 to 1000000 seconds.
Disable the automatic aging of dynamic entries by checking Disable
automatic aging.
MAC Table learning:
If the learning mode for a given port is greyed out, another module is in
control of the mode, so that it cannot be changed by the user. An example
of such a module is the MAC-Based Authentication under 802.1X.
Auto:
Learning is done automatically as soon as a frame with unknown SMAC is
received.
Disable:
MAC Addresses will not be learnt.
Secure:
Only static MAC entries are learned, all other frames are dropped.
NOTE: Make sure that the link used for managing the switch is
added to the Static Mac Table before changing to secure learning
mode, otherwise the management link is lost and can only be
restored by using another non-secure port or by connecting to the
switch via the serial interface.
MAC Address Table:
The static entries in the MAC table are shown in this table.
The static MAC table can contain 64 entries.
The MAC table is sorted first by VLAN ID and then by MAC address.
Delete:
Check to delete the entry. It will be deleted during the next save.
VLAN ID:
The VLAN ID of the entry.
MAC Address:
The MAC address of the entry.
Port Members:
Checkmarks indicate which ports are members of the entry. Check or
uncheck as needed to modify the entry.
Add new Static Entry: Click to add a new static MAC entry.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
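The learning modes, aging and the Secure-mode NOTE described above, modelled in Python as an added example; it is not code from the switch or from the vendor. The class and method names are hypothetical and the MAC addresses are constructed. Two behaviours the manual leaves open are assumed and marked in comments: a Secure port accepts a frame only when the static entry lists that port, and a Disable port still forwards frames.

```python
STATIC_LIMIT = 64        # "The static MAC table can contain 64 entries"
DEFAULT_AGE_TIME = 300   # seconds, the default aging time


class MacTable:
    def __init__(self, age_time=DEFAULT_AGE_TIME, aging_disabled=False):
        if not 10 <= age_time <= 1000000:
            raise ValueError("aging time must be 10 to 1000000 seconds")
        self.age_time = age_time
        self.aging_disabled = aging_disabled
        self.static = {}     # (vlan, mac) -> set of member ports
        self.dynamic = {}    # (vlan, mac) -> (port, time the SMAC was last seen)
        self.learning = {}   # port -> "auto" | "disable" | "secure" (default "auto")

    def add_static(self, vlan, mac, ports):
        key = (vlan, mac.lower())
        if key not in self.static and len(self.static) >= STATIC_LIMIT:
            raise ValueError("static MAC table is full")
        self.static[key] = set(ports)
        self.dynamic.pop(key, None)          # a static entry replaces a learned one

    def receive(self, port, vlan, smac, now):
        """Process the source MAC of a received frame; False means the frame is dropped."""
        key = (vlan, smac.lower())
        mode = self.learning.get(port, "auto")
        if mode == "secure":
            # Assumption: the static entry must list the receiving port.
            return port in self.static.get(key, set())
        if mode == "auto" and key not in self.static:
            self.dynamic[key] = (port, now)  # learn, or refresh the age timer
        return True                          # "disable": forwarded but not learnt (assumed)

    def age(self, now):
        """Remove dynamic entries not refreshed within age_time; return the removed keys."""
        if self.aging_disabled:
            return []
        expired = sorted(k for k, (_, seen) in self.dynamic.items()
                         if now - seen > self.age_time)
        for key in expired:
            del self.dynamic[key]
        return expired

    def lookup(self, vlan, dmac):
        """Ports for a destination MAC, or None when the destination is unknown."""
        key = (vlan, dmac.lower())
        if key in self.static:
            return set(self.static[key])
        if key in self.dynamic:
            return {self.dynamic[key][0]}
        return None

    def entries(self):
        """All entries as (type, vlan, mac, ports), sorted by VLAN ID then MAC address."""
        rows = [("static", v, m, sorted(p)) for (v, m), p in self.static.items()]
        rows += [("dynamic", v, m, [p]) for (v, m), (p, _) in self.dynamic.items()]
        return sorted(rows, key=lambda r: (r[1], r[2]))

    def would_lock_out(self, port, vlan, mgmt_mac):
        """Pre-change check for the NOTE: True if enabling Secure learning on this
        port would drop frames from the management station."""
        return port not in self.static.get((vlan, mgmt_mac.lower()), set())


if __name__ == "__main__":
    table = MacTable()
    mgmt = "02:00:00:00:00:AA"               # constructed management station MAC
    table.receive(1, 1, mgmt, now=0)
    print("lock-out risk before static entry:", table.would_lock_out(1, 1, mgmt))
    table.add_static(1, mgmt, [1])
    table.learning[1] = "secure"
    print("management frame accepted:", table.receive(1, 1, mgmt, now=5))
    print(table.entries())
```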
1.2.10-2 Dynamic MAC Table
Entries in the MAC Table are shown on this page. The MAC Table contains up to 8192 entries, and is
sorted first by VLAN ID, then by MAC address.
Web Interface
To view the MAC Addresses that have been learnt by the switch via the Web Interface:
1. Click Configuration, Filtering Database and Dynamic MAC Table.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 74 MAC Address Table
Parameter Description
Type:
Indicates whether the entry is a static or a dynamic entry.
VLAN:
The VLAN ID of the entry.
MAC Address:
The MAC Address of the entry.
Port Members:
The ports that are members of the entry.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.11 VLAN
The virtual LAN (VLAN) allows you to group physically separate users into the same broadcast
domain. The use of VLANs improves security, segmentation, and flexibility. The use of VLANs also
decreases the cost of arranging users, because no extra cabling is required.
VLANs allow an administrator to define user groups logically rather than by their physical locations.
For example, you can arrange user groups such as accounting, engineering, and finance rather than
grouping everyone on the first floor, everyone on the second floor, and so on.

• VLANs define broadcast domains that can span multiple LAN segments.
• VLAN segmentation is not bound by the physical location of users.
• Each switch port can be assigned to only one VLAN.
• Ports not assigned to the same VLAN do not share broadcasts, improving network
performance.
• A VLAN can exist on one switch or on multiple switches.
• VLANs can connect across wide-area networks (WANs). The figure shows a VLAN design.
VLANs are defined by user functions rather than locations.
Each VLAN on a switch behaves as if it were a separate physical bridge. The switch forwards packets
(including unicasts, multicasts, and broadcasts) only to ports assigned to the same VLAN from which
they originated. This reduces network traffic. VLANs require a trunk to span multiple switches. Each
trunk can carry traffic for multiple VLANs.
1.2.11-1 VLAN Membership
This section is used to configure VLAN settings on the APS Series switches. Here you can create
VLANs and assign ports into specific VLAN groups. The maximum number of VLAN groups that can
be created is 4096.
Web Interface
To configure the VLAN settings via the Web Interface:
1. Click Configuration, VLAN and VLAN Membership.
2. Click Add New VLAN to add additional VLAN groups.
3. Give the VLAN group a name and assign a VLAN ID (2 – 4096) for the group.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 75 VLAN Membership
Parameter Description
Delete:
To delete a VLAN entry, tick the check box next to the corresponding VLAN
entry. After you press the Apply button, the entry will be deleted.
VLAN ID:
The VLAN ID of the entry.
VLAN Name:
Enter a descriptive name for the VLAN. VLAN Names can contain
alphanumeric characters.
Port Members:
A row of check boxes for each port is displayed for each VLAN ID. To include
a port in a VLAN, check the box. To remove or exclude the port from the
VLAN, make sure the box is unchecked. By default, no ports are members,
and all boxes are unchecked.
Adding a New VLAN:
Click to add a new VLAN ID. An empty row is added to the table, and the
VLAN can be configured as needed. Legal values for a VLAN ID are 1 through
4095.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.11-2 Ports
This section is used to configure Port specific parameters for your VLANs. Here we can configure a
port as a Tagged (Trunk) or Untagged (Access) port or as a Hybrid port allowing both tagged and
untagged frames.
Web Interface
To configure the Port settings via the Web Interface:
1. Click Configuration, VLAN and Ports.
2. Configure the parameters required for all ports.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 76 VLAN Port Configuration
Parameter Description
Ethertype for Custom S-Ports: This field specifies the ether type used for Custom S-ports. This is a
global setting for all the Custom S-ports. Custom Ethertype enables the user
to change the Ethertype value on a port to any value to support network
devices that do not use the standard 0x8100 Ethertype field value on
802.1Q-tagged or 802.1p-tagged frames.
Port:
Physical port of the switch.
Port Type:
There are several port types that can be selected depending on the role of
the port. The port types available are Unaware, (Customer) C-Port, (Service)
S-Port and S-Custom Port:
Unaware – This port type can be used when the configured port is an
untagged port. All received packets will be tagged with the corresponding
PVID.
This port type can also be used when using Q-in-Q VLANs, as this port type
will allow a Tagged Port to be re-tagged for Q-in-Q, as long as the TPID is
0x8100. (Standard 802.1q valid Ethernet Frame)
If the frame received has a TPID of 0x88A8 (Standard 802.1ad Q-in-Q Frame)
it will be discarded.
When the frame leaves the switch the TPID will be set to 0x8100.
C-Port – This port type can be used when the configured port is an untagged
port. All received packets will be tagged with the corresponding PVID.
This port can also be used for Tagged Ports. If the frame received has a TPID
of 0x8100 (Standard 802.1q valid Ethernet Frame) it will be forwarded.
If the frame received has a TPID of 0x88A8 (Standard 802.1ad Q-in-Q Frame)
it will be discarded.
When the frame leaves the switch the TPID will be set to 0x8100.
S-Port – This port type can be used when the configured port is an untagged
port. All received packets will be tagged with the corresponding PVID.
This port can also be used for Tagged Ports. If the frame received has a TPID
of 0x88A8 (Standard 802.1ad Q-in-Q Frame) it will be forwarded.
If the frame received has a TPID of 0x8100 (Standard 802.1q valid Ethernet
Frame) it will be discarded.
When the frame leaves the switch the TPID will be set to 0x88A8.
S-Custom-Port – This port type can be used when the configured port is an
untagged port. All received packets will be tagged with the corresponding
PVID.
This port can also be used for Tagged Ports. If the frame received has a TPID
of 0x88A8 (Standard 802.1ad Q-in-Q Frame) it will be forwarded.
If the frame received has a TPID of 0x8100 (Standard 802.1q valid Ethernet
Frame) it will be discarded.
When the frame leaves the switch the TPID will be set to the Ethertype
specified in the Ethertype for Custom S-Ports field.
Ingress Filtering:
Enable ingress filtering on a port by checking the box. This parameter affects
VLAN ingress processing. If ingress filtering is enabled and the ingress port is
not a member of the classified VLAN of the frame, the frame is discarded.
By default, ingress filtering is disabled.
Frame Type:
Determines whether the port accepts all frames or only tagged/untagged
frames. This parameter affects VLAN ingress processing. If the port only
accepts tagged frames, untagged frames received on the port are discarded.
By default, the field is set to All.
Egress Rule:
This field determines what happens to the frames that leave and are
received by the configured ports. There are three options Hybrid, Access and
Trunk.
Hybrid – The Hybrid port type will allow both untagged and tagged packets
to be sent/received by the port. Use this port type when connecting to
VLAN-unaware or VLAN-aware devices.
Access – The Access port type will only allow untagged packets to be
sent/received from the port. Use this port type when connecting to
VLAN-unaware devices.
Trunk – The Trunk port type will only allow tagged packets to be
sent/received from the port. Use this port type when connecting to
VLAN-aware devices.
PVID:
Configure the VLAN identifier for the port. The allowed values are 1 through
4095.
The default value is 1.
NOTE: The port must be a member of the same VLAN as the Port
VLAN ID.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
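The ingress rules described above for Port Type, Frame Type and Ingress Filtering, and the egress TPID for each port type, as an added Python model; it is not code from the switch or from the vendor. The function names, the port dictionary layout and the sample frames are assumptions made for illustration, and treating a priority tag (VID 0) as "use the PVID" is standard 802.1Q behaviour assumed here rather than stated in the manual.

```python
import struct

TPID_8021Q = 0x8100     # standard 802.1Q tag
TPID_8021AD = 0x88A8    # standard 802.1ad (Q-in-Q) service tag

# Ingress behaviour per port type, as this manual states it.
#   discard     : TPID that is dropped when received on the port
#   use_tag_vid : False means every accepted frame is classified to the PVID
PORT_TYPES = {
    "unaware":       {"discard": TPID_8021AD, "use_tag_vid": False},
    "c-port":        {"discard": TPID_8021AD, "use_tag_vid": True},
    "s-port":        {"discard": TPID_8021Q,  "use_tag_vid": True},
    "s-custom-port": {"discard": TPID_8021Q,  "use_tag_vid": True},
}


def build_frame(tpid=None, vid=0, payload_type=0x0800):
    """Constructed test frame: dst MAC, src MAC, optional VLAN tag, EtherType, padding."""
    macs = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", tpid, vid & 0x0FFF) if tpid is not None else b""
    return macs + tag + struct.pack("!H", payload_type) + bytes(46)


def outer_tag(frame):
    """Return (tpid, vid) of the outermost VLAN tag, or (None, None) if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    if field not in (TPID_8021Q, TPID_8021AD):
        return None, None
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return field, tci & 0x0FFF           # the low 12 bits of the TCI are the VLAN ID


def ingress(port, frame, vlan_members):
    """Apply Frame Type, Port Type and Ingress Filtering in turn.

    port         : dict with number, type, pvid, frame_type, ingress_filtering
    vlan_members : dict mapping VLAN ID -> set of member port numbers
    Returns (accepted, classified_vid, reason).
    """
    rules = PORT_TYPES[port["type"]]
    tpid, vid = outer_tag(frame)

    # Frame Type: "All", "Tagged" or "Untagged"
    if port["frame_type"] == "Tagged" and tpid is None:
        return False, None, "untagged frame on a tagged-only port"
    if port["frame_type"] == "Untagged" and tpid is not None:
        return False, None, "tagged frame on an untagged-only port"

    # Port Type: TPID check, then VLAN classification
    if tpid == rules["discard"]:
        return False, None, "TPID 0x%04X is discarded by %s" % (tpid, port["type"])
    if tpid is not None and rules["use_tag_vid"] and vid != 0:
        classified = vid
    else:
        classified = port["pvid"]        # untagged, Unaware port, or priority tag (assumed)

    # Ingress Filtering: the port must be a member of the classified VLAN
    if port["ingress_filtering"] and port["number"] not in vlan_members.get(classified, set()):
        return False, classified, "port is not a member of VLAN %d" % classified
    return True, classified, "accepted"


def egress_tpid(port_type, custom_ethertype):
    """TPID written on tagged frames leaving a port of this type."""
    if port_type in ("unaware", "c-port"):
        return TPID_8021Q
    if port_type == "s-port":
        return TPID_8021AD
    if port_type == "s-custom-port":
        return custom_ethertype          # the global "Ethertype for Custom S-Ports" field
    raise ValueError("unknown port type: %s" % port_type)


if __name__ == "__main__":
    members = {1: {1, 2}, 20: {1}}       # constructed VLAN membership
    for ptype in PORT_TYPES:
        port = {"number": 1, "type": ptype, "pvid": 1,
                "frame_type": "All", "ingress_filtering": True}
        for tpid in (None, TPID_8021Q, TPID_8021AD):
            print(ptype, tpid, ingress(port, build_frame(tpid, 20), members))
```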
1.2.11-3 Switch Status
This section is used to view the currently configured VLAN groups. VLAN groups which have been
learnt from other protocols such as GVRP can also be viewed here.
Web Interface
To view the current VLAN groups via the Web Interface:
1. Click Configuration, VLAN and Switch Status.
2. If you want to view specific VLAN groups based on a particular protocol, select the protocol
from the drop down box near the top of the page. Only VLAN groups relating to that
protocol will be displayed.
3. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
4. Click Refresh to manually refresh the information.
Fig. 77 VLAN Status
Parameter Description
VLAN ID:
Indicates the VLAN ID of the particular entry.
Port Members:
Displays the port members that belong to a particular VLAN group. If the
check box is ticked it means that port belongs to that VLAN group.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.2.11-4 Port Status
This section is used to view the port specific values relating to the VLAN information.
Web Interface
To view the current Port Information via the Web Interface:
1. Click Configuration, VLAN and Port Status.
2. If you want to view specific Port information based on a particular protocol used, select the
protocol from the drop down box near the top of the page. Only Port Information relating to
that protocol will be displayed.
3. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
4. Click Refresh to manually refresh the information.
Fig. 78 Port Information
Parameter Description
Port:
Physical port of the switch.
PVID:
Shows the VLAN identifier for that port. The allowed values are 1 through
4095.
The default value is 1.
Port Type:
Displays the currently configured port type, values are unaware, C-Port,
S-Port and S-Custom-Port. For a full explanation of these parameters see
section 1.2.10-2.
Ingress Filtering:
Displays whether the port has ingress filtering enabled or disabled.
Frame Type:
Displays what type of packets can be received by the port, Tagged, Untagged or All.
Tx Tag:
Displays whether outgoing packets are tagged or untagged.
UVID:
Displays the UVID (Untagged VID). A port UVID determines how the packet
will be handled when leaving the switch.
Conflicts:
Displays whether any VLAN based conflicts have occurred. Conflicts can
occur when Dynamic VLANs are being used.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.11-5 Private VLAN
A private VLAN allows the administrator to configure a VLAN which contains switch ports that are
restricted, such that they can only communicate with a given uplink port. The restricted ports are
called private ports. Each private VLAN typically contains many private ports, and a single uplink. The
uplink will typically be a port (or link aggregation group) connected to a router, firewall, server,
provider network, or similar central resource.
The switch forwards all frames received on a private port out the uplink port, regardless of VLAN ID
or destination MAC address. Frames received on an uplink port are forwarded in the normal way
(i.e., to the port hosting the destination MAC address, or to all VLAN ports for unknown destinations
or broadcast frames). Individual ports are blocked from communicating with each other;
all ports can only communicate with the uplink port.
1.2.11-5-1 Private VLAN Membership
The Private VLAN membership configurations for the switch can be monitored and configured here.
Private VLANs can be added or deleted and port members of each Private VLAN can be added or
removed here. Private VLANs are based on the source port mask, and there are no connections to
VLANs. This means that VLAN IDs and Private VLAN IDs can be identical. A port must be a member
of both a VLAN and a Private VLAN to be able to forward packets. By default, all ports are VLAN
unaware and members of VLAN 1 and Private VLAN 1. A VLAN unaware port can only be a member
of one VLAN, but it can be a member of multiple Private VLANs.
Web Interface
To configure the Private VLAN Membership settings via the Web Interface:
1. Click Configuration, VLAN, Private VLAN’s and Private VLAN Membership.
2. To add a new Private VLAN click “Add New Private VLAN”.
3. Specify the Private VLAN ID and Port Members.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 79 Private VLAN Membership
Parameter Description
Delete:
To delete a Private VLAN entry, tick the box and press the Apply button.
PVLAN ID:
Indicates the VLAN ID of the private VLAN.
Port Members:
Displays the port members that belong to a particular VLAN group. If the
check box is ticked it means that port belongs to that VLAN group.
Add New Private VLAN: Click to add a new private VLAN. An empty row is added to the table, and
the private VLAN can be configured as needed.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.11-5-2 Port Isolation
Port Isolation allows the administrator to configure ports so they can only communicate with certain
ports, even though they are in the same VLAN group. A typical scenario is where you need to block
all ports from communicating with each other, but allow all ports to communicate with a single
uplink port. This section is used to configure how each port will communicate with other ports
within the same private VLAN.
Web Interface
To configure the Port Isolation settings via the Web Interface:
1. Click Configuration, VLAN, Private VLAN’s and Port Isolation.
2. Tick the box next to the corresponding port to enable port isolation.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 80 Port Isolation
Parameter Description
Port Members:
A check box is provided for each port of a private VLAN. When checked, port
isolation is enabled on that port. When unchecked, port isolation is disabled
on that port. By default, port isolation is disabled on all ports.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.11-6 MAC-based VLAN
One of the most common ways of grouping VLAN members is by port, hence the name port-based
VLAN. Typically, the device adds the same VLAN tag to untagged packets that are received through
the same port. Later on, these packets can be forwarded in the same VLAN. Port-based VLANs are
easy to configure, and apply to networks where the locations of terminal devices are relatively
fixed. As mobile office and wireless network access gain more popularity, the ports that terminal
devices use to access the networks are very often non-fixed. A device may access a network through
Port A this time, but through Port B the next time. If Port A and Port B belong to different VLANs, the
device will be assigned to a different VLAN the next time it accesses the network. As a result, it will
not be able to use the resources in the old VLAN. On the other hand, if Port A and Port B belong to
the same VLAN, after terminal devices access the network through Port B, they will have access to
the same resources as those accessing the network through Port A do, which brings security issues.
To provide user access and ensure data security in the meantime, the MAC-based VLAN technology
was developed.
MAC-based VLANs group VLAN members by MAC address. With MAC-based VLAN configured, the
device adds a VLAN tag to an untagged frame according to its source MAC address. MAC-based
VLANs are mostly used in conjunction with security technologies such as 802.1X to provide secure,
flexible network access for terminal devices.
1.2.11-6-1 Configuration
The MAC-based VLAN entries can be configured here. This page allows for adding and deleting
MAC-based VLAN entries and assigning the entries to different ports. This page shows only static entries.
Web Interface
To configure MAC-based VLAN settings via the Web Interface:
1. Click Configuration, VLAN, MAC-based VLAN’s and Configuration.
2. Specify the MAC Address and VLAN ID.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 81 MAC-based VLAN Configuration
Parameter Description
Delete:
To delete a MAC-based VLAN entry, check this box and press Apply. The
entry will be deleted on the selected switch.
MAC Address:
Indicates the MAC Address.
VLAN ID:
Indicates the VLAN ID.
Port Members:
A row of check boxes for each port is displayed for each MAC-based VLAN
entry. To include a port in a MAC-based VLAN, check the box. To remove or
exclude the port from the MAC-based VLAN, make sure the box is
unchecked. By default, no ports are members, and all boxes are unchecked.
Add New Entry:
Click to add a new MAC-based VLAN entry. An empty row is added to the
table, and the MAC-based VLAN entry can be configured as needed. Any
unicast MAC address can be configured for the MAC-based VLAN entry. No
broadcast or multicast MAC addresses are allowed. Legal values for a VLAN
ID are 1 through 4095.
The MAC-based VLAN entry is enabled on the selected switch unit when you
click on "Apply". A MAC-based VLAN without any port members on any unit
will be deleted when you click "Apply".
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.11-6-2 Status
This section displays the current MAC-based VLAN groups configured on the switch.
Web Interface
To view the MAC-based VLAN groups via the Web Interface:
1. Click Configuration, VLAN, MAC-based VLAN’s and Status.
2. Select to view Combined, Static or NAS based MAC entries by using the drop down box near
the top of the screen.
3. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
4. Click Refresh to manually refresh the information.
Fig. 82 MAC-based VLAN Status
Parameter Description
MAC Address:
Indicates the MAC Address.
VLAN ID:
Indicates the VLAN ID.
Port Members:
Port members of the Mac-based VLAN entry.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.11-7 Protocol-based VLAN
This section describes Protocol-based VLANs. The APS Series supports protocols including Ethernet,
LLC and SNAP.
LLC
The Logical Link Control (LLC) data communication protocol layer is the upper sub-layer of the Data
Link Layer (which is itself layer 2, just above the Physical Layer) in the seven-layer OSI reference
model. It provides multiplexing mechanisms that make it possible for several network protocols (IP,
IPX, Decnet and Appletalk) to coexist within a multipoint network and to be transported over the
same network media, and can also provide flow control and automatic repeat request (ARQ) error
management mechanisms.
SNAP
The Subnetwork Access Protocol (SNAP) is a mechanism for multiplexing, on networks using IEEE
802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point (SAP)
fields. SNAP supports identifying protocols by Ethernet type field values; it also supports
vendor-private protocol identifier spaces. It is used with IEEE 802.3, IEEE 802.4, IEEE 802.5, IEEE 802.11 and
other IEEE 802 physical network layers, as well as with non-IEEE 802 physical network layers such as
FDDI that use 802.2 LLC.
1.2.11-7-1 Protocol to Group
This page allows you to add new Protocols to Group Name (unique for each Group) mapping entries
as well as allow you to see and delete already mapped entries for the selected switch.
Web Interface
To configure protocol to group mapping settings via the Web Interface:
1. Click Configuration, VLAN, Protocol-based VLAN’s and Protocol to Group.
2. Click Add New Entry and specify the Frame Type, Ethertype Value and give the group a
name.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 83 Protocol-based VLAN’s
Parameter Description
Delete:
To delete a Protocol-based VLAN entry, check this box and press Apply. The
entry will be deleted on the selected switch.
Frame Type:
Select the frame type for the group, valid values are Ethernet, LLC and SNAP.
NOTE: Once you change the Frame type field, the valid value of the
following text field will vary depending on the new frame type you
have selected.
Value:
The valid values that can be entered in this text field depend on the option
selected from the preceding Frame Type selection menu.
Below are the criteria for the three different Frame Types:
Ethernet: The value in the text field when Ethernet is selected as the Frame Type
is called etype. Valid values for etype range from 0x0600 to 0xffff.
LLC: The valid value in this case comprises two different sub-values.
a. DSAP: 1-byte long string (0x00-0xff)
b. SSAP: 1-byte long string (0x00-0xff)
SNAP: The valid value in this case also comprises two different sub-values.
a. OUI: The OUI (Organizationally Unique Identifier) is a value in the format xx-xx-xx,
where each pair (xx) in the string is a hexadecimal value ranging from 0x00 to 0xff.
b. PID: If the OUI is hexadecimal 000000, the protocol ID is the Ethernet type
(EtherType) field value for the protocol running on top of SNAP; if the OUI is
an OUI for a particular organization, the protocol ID is a value assigned by
that organization to the protocol running on top of SNAP.
In other words, if value of OUI field is 00-00-00 then value of PID will be
etype (0x0600-0xffff) and if value of OUI is other than 00-00-00 then valid
value of PID will be any value from 0x0000 to 0xffff.
Group Name:
A valid Group Name is a unique 16-character long string for every entry
which consists of a combination of alphabets (a-z or A-Z) and integers (0-9).
Add New Entry:
Click to add a new entry to the mapping table, enter the required field based
on the frame type you have selected.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
Refresh:
Used to manually refresh the information on the page.
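The value rules above for the three Frame Types, together with the way a received frame is recognised as Ethernet, LLC or SNAP, as an added Python example; it is not code from the switch or from the vendor. The function names, group names and sample frames are constructed for illustration, and rejecting a second row for the same protocol value is an assumption, not something the manual states.

```python
import re
import struct

ETYPE_MIN = 0x0600          # lowest value the manual accepts as an etype
GROUP_NAME = re.compile(r"[A-Za-z0-9]{1,16}")
OUI_FORMAT = re.compile(r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){2}")
MACS = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")  # constructed dst + src


def validate_entry(frame_type, value, group):
    """Check one Protocol to Group row; return its lookup key or raise ValueError."""
    if not GROUP_NAME.fullmatch(group):
        raise ValueError("group name must be 1-16 characters from a-z, A-Z, 0-9")
    if frame_type == "Ethernet":
        if not ETYPE_MIN <= value <= 0xFFFF:
            raise ValueError("etype must be 0x0600-0xffff")
        return ("Ethernet", value)
    if frame_type == "LLC":
        dsap, ssap = value
        if not (0x00 <= dsap <= 0xFF and 0x00 <= ssap <= 0xFF):
            raise ValueError("DSAP and SSAP must each be 0x00-0xff")
        return ("LLC", dsap, ssap)
    if frame_type == "SNAP":
        oui, pid = value
        if not OUI_FORMAT.fullmatch(oui):
            raise ValueError("OUI must be written xx-xx-xx")
        # With OUI 00-00-00 the PID is an EtherType, so the etype range applies.
        lowest = ETYPE_MIN if oui == "00-00-00" else 0x0000
        if not lowest <= pid <= 0xFFFF:
            raise ValueError("PID out of range for this OUI")
        return ("SNAP", oui.lower(), pid)
    raise ValueError("frame type must be Ethernet, LLC or SNAP")


def is_valid(frame_type, value, group):
    try:
        validate_entry(frame_type, value, group)
        return True
    except ValueError:
        return False


def classify(frame):
    """Return the lookup key for the encapsulation of an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    if field >= ETYPE_MIN:
        return ("Ethernet", field)           # Ethernet II: the field is the EtherType
    if field > 1500:
        raise ValueError("type/length field is neither a length nor an EtherType")
    if len(frame) < 17:                      # an 802.3 length is followed by 802.2 LLC
        raise ValueError("truncated 802.2 LLC header")
    dsap, ssap, control = frame[14], frame[15], frame[16]
    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):   # SNAP header follows
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        oui = "-".join("%02x" % b for b in frame[17:20])
        (pid,) = struct.unpack("!H", frame[20:22])
        return ("SNAP", oui, pid)
    return ("LLC", dsap, ssap)


def build_table(rows):
    """Validate (frame_type, value, group) rows and index them by protocol key."""
    table = {}
    for frame_type, value, group in rows:
        key = validate_entry(frame_type, value, group)
        if key in table:                     # assumption: one group per protocol value
            raise ValueError("protocol already mapped to group %s" % table[key])
        table[key] = group
    return table


def group_for(frame, table):
    """Group Name the frame maps to, or None when no row matches."""
    return table.get(classify(frame))


# Constructed sample frames, one builder per encapsulation.
def ethernet_frame(etype):
    return MACS + struct.pack("!H", etype) + bytes(46)


def llc_frame(dsap, ssap):
    body = bytes([dsap, ssap, 0x03]) + bytes(43)
    return MACS + struct.pack("!H", len(body)) + body


def snap_frame(oui, pid):
    body = (bytes([0xAA, 0xAA, 0x03]) + bytes.fromhex(oui.replace("-", ""))
            + struct.pack("!H", pid) + bytes(38))
    return MACS + struct.pack("!H", len(body)) + body
```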
1.2.11-7-2 Group to VLAN
This section is used to map the groups configured in section 1.2.10-7-1 to a VLAN Group.
Web Interface
To map the protocol group to a VLAN group via the Web Interface:
1. Click Configuration, VLAN, Protocol-based VLAN’s and Group to VLAN.
2. Specify the Group Name and enter a valid VLAN ID.
3. Select the required ports for the group, by ticking the check box corresponding to the port
number.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 84 Group to VLAN Mapping
Parameter Description
Delete:
To delete a Group Name to VLAN entry, check this box and press Apply. The
entry will be deleted on the selected switch.
Group Name:
A valid Group Name is a string of up to 16 characters, which consists of a
combination of alphabets (a-z or A-Z) and integers (0-9), no special
characters are allowed. When entering a Group Name the Group Name
must first exist in the Protocol to Group section.
VLAN ID:
Indicates the ID to which the Group Name will be mapped. A valid VLAN ID
ranges from 1-4095.
Port Members:
A row of check boxes for each port is displayed for each Group Name to
VLAN ID mapping. To include a port in a mapping, check the box. To remove
or exclude the port from the mapping, make sure the box is unchecked. By
default, no ports are members, and all boxes are unchecked.
Add New Entry:
Click to add a new entry to the mapping table. An empty row is added to the
table, the Group Name, VLAN ID and port members can be configured as
needed.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
Refresh:
Used to manually refresh the information on the page.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
1.2.12 Voice VLAN
The Voice VLAN function is used for networks where both data and voice traffic are running on the
same network. By using a dedicated VLAN for voice traffic it allows the administrator to prioritize
this traffic to ensure voice quality is kept to an optimum level.
1.2.12-1 Configuration
This section is used to configure the Voice VLAN settings on the APS Series switches.
The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the
switch is connected to an IP Phone, the phone can send voice traffic with Layer 3 IP precedence and
Layer 2 class of service (CoS) values. Because the sound quality of an IP phone call can deteriorate if
the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p CoS.
QoS uses classification and scheduling to send network traffic from the switch in a predictable
manner.
The Voice VLAN QoS functionality is only applicable to IP Phones that support tagging of traffic with
IP Precedence or CoS QoS values. Most IP Phones will support this feature and must be configured to
do so correctly.
Web Interface
To configure the Voice VLAN settings via the Web Interface:
1. Click Configuration, Voice VLAN and Configuration.
2. Enable the Voice VLAN from the drop box labelled Mode.
3. Specify the appropriate VLAN ID, Aging Time and Traffic Class.
4. Configure the individual port settings as required.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 85 Voice VLAN Configuration
Parameter Description
Mode:
Select to enable or disable the Voice VLAN function.
Please Note: MSTP must be disabled when using Voice VLAN to avoid
conflicting ingress filtering information.
VLAN ID:
Specify a unique VLAN ID for the voice VLAN. This VLAN ID cannot be the
same as any other VLAN ID configured on the switch. The allowed range is 1
to 4095.
Aging Time:
Indicates the Voice VLAN secure learning aging time. The allowed range is 10
to 10000000 seconds. It is used when security mode or auto detect mode is
enabled. In other cases, it will be based on hardware aging time. The actual
aging time will be situated between the [age_time; 2 * age_time] interval.
Traffic Class:
Indicates the Voice VLAN traffic class. All traffic on the Voice VLAN will apply
this class.
Port:
Physical port of the switch.
Mode:
Select the appropriate mode for the selected port. Options are:
Disabled: Does not belong to the Voice VLAN.
Auto: Will auto detect whether an IP Phone is connected to the port and
will automatically join the Voice VLAN.
Forced: Will force the port to be part of the Voice VLAN.
Security:
Used to enable or disable the Voice VLAN port security mode. When the
function is enabled, all non-IP Phone MAC addresses in the Voice VLAN will
be blocked for 10 seconds.
Discovery Protocol:
Indicates the Voice VLAN port discovery protocol. It will only work when
auto detect mode is enabled. The LLDP feature should be enabled before
setting the discovery protocol to "LLDP" or "Both". Changing the discovery
protocol to "OUI" or "LLDP" will restart the auto detect process. Possible
discovery protocols are:
OUI: Detect telephony device by OUI address.
LLDP: Detect telephony device by LLDP.
Both: Both OUI and LLDP.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.12-2 OUI
This section is used to configure the Voice VLAN OUI table. The maximum number of entries is 16.
Modifying the OUI table will restart the OUI auto detection process.
Web Interface
To configure the Voice VLAN OUI settings via the Web Interface:
1. Click Configuration, Voice VLAN and OUI.
2. Click Add New Entry to add additional OUI information.
3. Specify the OUI and Description.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 86 OUI Configuration
Parameter Description
Delete:
Check to delete the entry. It will be deleted during the next save.
Telephony OUI:
A telephony OUI address is a globally unique identifier assigned to a vendor
by IEEE. It must be 6 characters long and the input format is "xx-xx-xx" (x is a
hexadecimal digit).
Description:
The description of OUI address. Normally, it describes which vendor
telephony device it belongs to. The allowed string length is 0 to 32.
Add New Entry:
Click to add a new entry to the Voice VLAN OUI table. An empty row is
added to the table; enter the Telephony OUI and Description.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
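The rules stated in the Voice VLAN Configuration and OUI sections above can be checked before a change is applied. The following Python audit is an added example, not part of the Alloy manual or firmware; the dictionary layout, function names and sample values are assumptions, with the settings transcribed by hand from the web pages. It also lists learned MAC addresses whose first three octets match no OUI entry, since OUI detection looks only at that prefix.

```python
import re

OUI_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){2}$")  # manual: "xx-xx-xx"


def mac_oui(mac):
    """First three octets of a MAC address, normalised to lower-case xx-xx-xx."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in (0, 2, 4)).lower()


def audit_voice_vlan(cfg):
    """Check a hand-transcribed config dict (hypothetical layout) against the manual's rules."""
    findings = []
    vv = cfg["voice_vlan"]
    if vv["mode"] == "Enabled":
        if cfg["mstp_enabled"]:
            findings.append("MSTP must be disabled when Voice VLAN is enabled")
        if not 1 <= vv["vlan_id"] <= 4095:
            findings.append(f"VLAN ID {vv['vlan_id']} outside 1-4095")
        if vv["vlan_id"] in cfg["other_vlan_ids"]:
            findings.append(f"VLAN ID {vv['vlan_id']} is already used by another VLAN")
        if not 10 <= vv["aging_time"] <= 10_000_000:
            findings.append(f"aging time {vv['aging_time']} outside 10-10000000 s")
    table = cfg["oui_table"]
    if len(table) > 16:
        findings.append(f"OUI table has {len(table)} entries, maximum is 16")
    valid_ouis = set()
    for oui, description in table:
        if not OUI_RE.match(oui):
            findings.append(f"OUI {oui!r} is not in xx-xx-xx format")
        else:
            valid_ouis.add(oui.lower())
        if len(description) > 32:
            findings.append(f"OUI {oui!r}: description exceeds 32 characters")
    for port, p in sorted(cfg["ports"].items()):
        if p["mode"] != "Auto":
            continue  # Discovery Protocol only works in auto detect mode
        if p["discovery"] in ("LLDP", "Both") and not cfg["lldp_enabled"]:
            findings.append(f"port {port}: discovery {p['discovery']} needs LLDP enabled")
        if p["discovery"] == "OUI" and not valid_ouis:
            findings.append(f"port {port}: OUI discovery with no valid OUI entries")
    return findings


def unmatched_macs(cfg, learned):
    """(port, mac) pairs seen on the Voice VLAN whose OUI is not in the OUI table."""
    table = {oui.lower() for oui, _ in cfg["oui_table"] if OUI_RE.match(oui)}
    return [(port, mac) for port, mac in learned if mac_oui(mac) not in table]


# Constructed sample configuration and learned-MAC list (not from a real switch).
SAMPLE = {
    "mstp_enabled": True,
    "lldp_enabled": False,
    "other_vlan_ids": {1, 10, 20},
    "voice_vlan": {"mode": "Enabled", "vlan_id": 20, "aging_time": 86400},
    "oui_table": [("00-11-22", "Constructed phone vendor A"), ("0011.33", "bad format")],
    "ports": {
        1: {"mode": "Auto", "security": True, "discovery": "Both"},
        2: {"mode": "Forced", "security": False, "discovery": "OUI"},
        3: {"mode": "Disabled", "security": False, "discovery": "OUI"},
    },
}
LEARNED = [(1, "00:11:22:aa:bb:cc"), (1, "02:00:00:12:34:56"), (2, "00-11-22-00-00-01")]

if __name__ == "__main__":
    for finding in audit_voice_vlan(SAMPLE):
        print("FINDING:", finding)
    for port, mac in unmatched_macs(SAMPLE, LEARNED):
        print(f"port {port}: {mac} matches no telephony OUI")
```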
1.2.13 GARP
The Generic Attribute Registration Protocol (GARP) provides a generic framework whereby devices
in a bridged LAN, e.g. end stations and switches, can register and de-register attribute values, such
as VLAN Identifiers, with each other. In doing so, the attributes are propagated to devices in the
bridged LAN, and these devices form a reachability tree that is a subset of an active topology. GARP
defines the architecture, rules of operation, state machines and variables for the registration and deregistration of attribute values.
A GARP participant in a switch or an end station consists of a GARP application component, and a
GARP Information Declaration (GID) component associated with each port of the switch. The
propagation of information between GARP participants for the same application in a bridge is carried
out by the GARP Information Propagation (GIP) component. Protocol exchanges take place between
GARP participants by means of LLC Type 1 services, using the group MAC address and PDU format
defined for the GARP application concerned.
1.2.13-1 Configuration
This page allows you to configure the basic GARP Configuration settings for all switch ports.
Web Interface
To configure the GARP settings via the Web Interface:
1. Click Configuration, GARP and Configuration.
2. Specify the GARP configuration parameters for the individual ports.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 87 GARP Configuration
Parameter Description
Port:
Physical port of the switch.
Timer Values:
To set the GARP Join Timer, Leave Timer and Leave All Timer, the units are
set in micro seconds.
Join Timer: The default value for the Join Timer is 200ms.
Leave Timer: The default value for the Leave Timer is 600ms. Valid values
are 600 to 1000ms.
Leave All Timer: The default value for the Leave All Timer is 10000ms.
Application:
The only supported application currently is GVRP.
Attribute Type:
The only supported Attribute Type currently is VLAN.
GARP Applicant:
This configuration is used to configure the Applicant state machine
behaviour for GARP on a particular port.
normal-participant: In this mode the Applicant state machine will operate
normally in GARP protocol exchanges.
non-participant: In this mode the Applicant state machine will not
participate in the protocol operation.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.13-2 Statistics
This page allows you to view the GARP Statistics for all switch ports.
Web Interface
To view the GARP Statistics via the Web Interface:
1. Click Configuration, GARP and Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 88 GARP Statistics
Parameter Description
Port:
Physical port of the switch.
Peer MAC:
The MAC Address of the connecting switch from which the GARP frame has
been received.
Failed Count:
The number of GARP frames that have been dropped.
Refresh:
Used to manually refresh the information on the page.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
1.2.14 GVRP
The GARP VLAN Registration Protocol (GVRP) allows network devices to share VLAN information and
to use the information to modify existing VLANs or create new VLANs, automatically. This makes it
easier to manage VLANs that span more than one switch. Without GVRP, you have to manually
configure your switches to ensure that the various parts of the VLANs can communicate with each
other across the different switches. With GVRP, which is an application of the Generic Attribute
Registration Protocol (GARP), this is done for you automatically.
Here are the guidelines for GVRP:
- GVRP is supported with STP or RSTP or without spanning tree.
- Both ports that constitute a network link between the switch and the other device must be
  running GVRP.
- You cannot modify or delete dynamic GVRP VLANs.
- You cannot remove dynamic GVRP ports from static or dynamic VLANs.
- To be detected by GVRP, a VLAN must have at least one active node or have at least one
  port with a valid link to an end node. GVRP cannot detect a VLAN that does not have any
  active nodes or valid port links.
- Resetting the switch erases all dynamic GVRP VLANs and dynamic GVRP port assignments.
  The dynamic assignments are relearned by the switch as PDUs arrive on the ports from other
  switches.
- GVRP has three timers: join timer, leave timer, and leave all timer. The values for these
  timers must be identically configured on all switches running GVRP. Timers with different
  values on different switches can result in GVRP compatibility problems.
- You can convert dynamic GVRP VLANs and dynamic GVRP port assignments to static VLANs
  and static port assignments.
1.2.14-1 Configuration
This page allows you to configure the basic GVRP Configuration settings for all switch ports.
Web Interface
To configure the GVRP settings via the Web Interface:
1. Click Configuration, GVRP and Configuration.
2. Specify the GVRP Configuration parameters for the required ports.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 89 GVRP Configuration
Parameter Description
GVRP Mode:
Used to enable or disable GVRP globally for the switch.
Port:
Physical port of the switch.
GVRP Mode:
Here you can enable or disable GVRP for a particular port.
GVRP rrole:
This parameter controls if the VLAN registration on the port is restricted or
not.
Enable - The Restricted VLAN Registration is active for the port row selected.
Disable - The Restricted VLAN Registration is inactive for the port row
selected.
Refresh:
Used to manually refresh the information on the page.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.14-2 Statistics
This page allows you to view the GVRP Statistics for all switch ports.
Web Interface
To view the GVRP Statistics via the Web Interface:
1. Click Configuration, GVRP and Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 90 GVRP Statistics
Parameter Description
Port:
Physical port of the switch.
Join Tx Count:
Displays the number of Join GVRP requests sent from the port.
Leave Tx Count:
Displays the number of Leave GVRP requests sent from the port.
Refresh:
Used to manually refresh the information on the page.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
1.2.15 QoS
The APS Series switches support four QoS queues per port with strict or weighted fair queuing
scheduling. They support QoS Control Lists (QCL) for advanced programmable QoS classification, based
on IEEE 802.1p, Ethertype, VID, IPv4/IPv6 DSCP and UDP/TCP ports and ranges.
The switches offer high flexibility in the classification of incoming frames to a QoS class. The QoS
classification looks for information up to Layer 4, including IPv4 and IPv6 DSCP, IPv4 TCP/UDP port
numbers, and user priority of tagged frames. This QoS classification mechanism is implemented in a
QoS control list (QCL). The QoS class assigned to a frame is used throughout the device for providing
queuing, scheduling, and congestion control guarantees to the frame according to what was
configured for that specific QoS class.
The APS Series switches support advanced memory control mechanisms providing excellent
performance of all QoS classes under any traffic scenario, including jumbo frames. A super priority
queue is provided with dedicated memory and strict highest priority in the arbitration. The ingress
super priority queue allows traffic recognized as CPU traffic to be received and queued for
transmission to the CPU even when all the QoS class queues are congested.
1.2.15-1 Port Classification
This section allows you to configure the basic QoS Ingress Classification settings for all switch ports.
Web Interface
To configure the QoS Port Classification settings via the Web Interface:
1. Click Configuration, QoS and Port Classification.
2. Select the appropriate QoS class settings for each switch port.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 91 QoS Port Classification
Parameter Description
Port:
Physical port of the switch.
QoS Class:
Controls the default QoS class, i.e., the QoS class for frames not classified in
any other way. There is a one to one mapping between QoS class, queue
and priority. A QoS class of 0 (zero) has the lowest priority.
DP Level:
Every incoming frame is classified to a Drop Precedence Level (DP level),
which is used throughout the device for providing congestion control
guarantees to the frame according to what was configured for that specific
DP level.
This setting controls the default DP level, i.e., the DP level for frames not
classified in any other way.
PCP:
Controls the default PCP for untagged frames. PCP is an acronym for Priority
Code Point. It is a 3-bit field storing the priority level for the 802.1Q frame.
DEI:
Controls the default DEI for untagged frames. DEI is an acronym for Drop
Eligible Indicator. It is a 1-bit field in the VLAN tag.
Tag Class:
Shows the classification mode for tagged frames on this port.
Disabled: Use default QoS class and DP level for tagged frames.
Enabled: Use mapped versions of PCP and DEI for tagged frames.
Click on the mode in order to configure the mode and/or mapping.
DSCP Based:
Click to Enable DSCP Based QoS Ingress Port Classification.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-2 Port Policing
This section provides an overview of QoS Ingress Port Policers for all switch ports. Port Policing is
useful in constraining traffic flows and marking frames above specific rates. Policing is primarily
useful for data flows and voice or video flows because voice and video usually maintain a steady
rate of traffic.
Web Interface
To configure the QoS Port Policing settings via the Web Interface:
1. Click Configuration, QoS and Port Policing.
2. Enable the ports that you wish to enable policing on.
3. Enter the required rates and the units in kbps, Mbps, fps or kfps.
4. Tick the check box to enable flow control on required ports.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 92 QoS Port Policing
Parameter Description
Port:
Physical port of the switch.
Mode:
Check the box next to the corresponding port to enable Ingress port
policing.
Rate:
Set the Rate that you want to limit the ingress bandwidth to.
Default value is 500.
Unit:
Select the required speed type in units of kbps, Mbps, fps or kfps.
Flow Control:
Check the box to enable Flow Control on the selected port.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-3 Port Scheduler
This section provides an overview of QoS Egress Port Schedulers for all switch ports.
Web Interface
To configure the QoS Port Scheduler settings via the Web Interface:
1. Click Configuration, QoS and Port Scheduler.
2. Click on the required port to configure the scheduling options.
3. Another screen will now be displayed, where you can select to use Strict Priority or
Weighted.
4. Configure your Egress bandwidth parameters based on Queue Settings or force the port to a
desired speed. If using Weighted a total percentage of a queue can also be set.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 93 Port Scheduling
Fig. 94 Port Scheduling – Strict Priority
Fig. 95 Port Scheduling – Weighted
Parameter Description
QoS Egress Port Schedulers
Port:
Physical port of the switch.
Mode:
Displays the configured Mode type, Strict Priority or Weighted.
Weight (Q0-5):
Shows the current weight for this queue and corresponding port.
QoS Egress Port Scheduler and Shapers (Strict Priority)
Scheduler Mode:
Select the required Scheduler Mode for the port, Strict Priority or Weighted.
Queue Shaper Enable: Tick the box next to the appropriate queue to enable the Queue Shaper.
Queue Shaper Rate:
Enter the required bandwidth rate, maximum values are based on the speed
on the port. If running at 1Gb, 1000000 Kbps or 1000Mbps.
Default value is 500.
Queue Shaper Unit:
Select whether the shaping rate is measured in kbps or Mbps.
Default is kbps.
Queue Shaper Excess:
Enable this if the queue is allowed to use excess bandwidth available on the
switch.
Port Shaper Enable:
Tick the box to enable Port shaping on the selected port.
Port Shaper Rate:
Enter the required bandwidth rate, maximum values are based on the speed
on the port. If running at 1Gb, 1000000 Kbps or 1000Mbps.
Default value is 500.
Port Shaper Unit:
Select whether the shaping rate is measured in kbps or Mbps.
Default is kbps.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
QoS Egress Port Scheduler and Shapers (Weighted)
Scheduler Mode:
Select the required Scheduler Mode for the port, Strict Priority or Weighted.
Queue Shaper Enable: Tick the box next to the appropriate queue to enable the Queue Shaper.
Queue Shaper Rate:
Enter the required bandwidth rate, maximum values are based on the speed
on the port. If running at 1Gb, 1000000 Kbps or 1000Mbps.
Default value is 500.
Queue Shaper Unit:
Select whether the shaping rate is measured in kbps or Mbps.
Default is kbps.
Queue Shaper Excess:
Enable this if the queue is allowed to use excess bandwidth available on the
switch.
Queue Scheduler Weight: Controls the weight of the queue. This is a percentage of total bandwidth
available, valid values 1 to 100.
Default is 17.
Queue Scheduler Percent: Shows the weight in percent for this queue.
Port Shaper Enable:
Tick the box to enable Port shaping on the selected port.
Port Shaper Rate:
Enter the required bandwidth rate, maximum values are based on the speed
on the port. If running at 1Gb, 1000000 Kbps or 1000Mbps.
Default value is 500.
Port Shaper Unit:
Select whether the shaping rate is measured in kbps or Mbps.
Default is kbps.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-4 Port Shaping
This section provides an overview of QoS Egress Port shaping for all switch ports.
Web Interface
To configure the QoS Port Shaping settings via the Web Interface:
1. Click Configuration, QoS and Port Shaping.
2. Click on the required port to configure the shaping options.
3. Another screen will now be displayed, where you can select to use Strict Priority or
Weighted.
4. Configure your Egress bandwidth parameters based on Queue Settings or force the port to a
desired speed. If using Weighted a total percentage of a queue can also be set.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 96 Port Shaping
Fig. 97 Port Shaping – Strict Priority
Fig. 98 Port Shaping – Weighted
Parameter Description
QoS Egress Port Shapers
Port:
Physical port of the switch.
Mode:
Displays the configured Mode type, Strict Priority or Weighted.
Weight (Q0-5):
Shows the current weight for this queue and corresponding port.
QoS Egress Port Scheduler and Shapers (Strict Priority)
Scheduler Mode:
Select the required Scheduler Mode for the port, Strict Priority or Weighted.
Queue Shaper Enable: Tick the box next to the appropriate queue to enable the Queue Shaper.
Queue Shaper Rate:
Enter the required bandwidth rate, maximum values are based on the speed
on the port. If running at 1Gb, 1000000 Kbps or 1000Mbps.
Default value is 500.
Queue Shaper Unit:
Select whether the shaping rate is measured in kbps or Mbps.
Default is kbps.
Queue Shaper Excess:
Enable this if the queue is allowed to use excess bandwidth available on the
switch.
Port Shaper Enable:
Tick the box to enable Port shaping on the selected port.
Port Shaper Rate:
Enter the required bandwidth rate, maximum values are based on the speed
on the port. If running at 1Gb, 1000000 Kbps or 1000Mbps.
Default value is 500.
Port Shaper Unit:
Select whether the shaping rate is measured in kbps or Mbps.
Default is kbps.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
QoS Egress Port Scheduler and Shapers (Weighted)
Scheduler Mode:
Select the required Scheduler Mode for the port, Strict Priority or Weighted.
Queue Shaper Enable: Tick the box next to the appropriate queue to enable the Queue Shaper.
Queue Shaper Rate:
Enter the required bandwidth rate, maximum values are based on the speed
on the port. If running at 1Gb, 1000000 Kbps or 1000Mbps.
Default value is 500.
Queue Shaper Unit:
Select whether the shaping rate is measured in kbps or Mbps.
Default is kbps.
Queue Shaper Excess:
Enable this if the queue is allowed to use excess bandwidth available on the
switch.
Queue Scheduler Weight: Controls the weight of the queue. This is a percentage of total bandwidth
available, valid values 1 to 100.
Default is 17.
Queue Scheduler Percent: Shows the weight in percent for this queue.
Port Shaper Enable:
Tick the box to enable Port shaping on the selected port.
Port Shaper Rate:
Enter the required bandwidth rate, maximum values are based on the speed
on the port. If running at 1Gb, 1000000 Kbps or 1000Mbps.
Default value is 500.
Port Shaper Unit:
Select whether the shaping rate is measured in kbps or Mbps.
Default is kbps.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-5 Port Tag Remarking
This section provides an overview of QoS Egress Port Tag Remarking for all switch ports.
Web Interface
To configure the QoS Port Tag Remarking settings via the Web Interface:
1. Click Configuration, QoS and Port Tag Remarking.
2. Click on the port you want to configure.
3. Select the required Mode, Classified, Default or Mapped.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 99 Port Tag Remarking
Fig. 100 Port Tag Remarking – Classified Mode
Fig. 101 Port Tag Remarking – Default Mode
Fig. 102 Port Tag Remarking – Mapped Mode
Parameter Description
Port:
Physical port of the switch.
Mode:
Shows the tag remarking mode for this port.
Classified: Use classified PCP/DEI values.
Default: Use default PCP/DEI values.
Mapped: Use mapped versions of QoS class and DP level.
Tag Remarking Mode (Classified): When set to Classified no configuration is necessary.
Tag Remarking Mode (Default): When set to Default the Administrator can manually set the PCP and
DEI Values.
Tag Remarking Mode (Mapped): When set to Mapped the Administrator can map the PCP and DEI
values based on the values of the QoS Class and DP Level.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-6 Port DSCP
This section provides an overview of QoS Port DSCP settings for all switch ports.
Web Interface
To configure the QoS Port DSCP settings via the Web Interface:
1. Click Configuration, QoS and Port DSCP.
2. Check the tick box next to each corresponding port to enable the DSCP feature.
3. Specify the Ingress Classify parameter and whether the Egress packets will be rewritten.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 103 Port DSCP Settings
Parameter Description
Port:
Physical port of the switch.
Ingress Translate:
To enable ingress translation of the DSCP value enable this feature.
Classify:
Classification values available for the port are as follows:
Disable: No Ingress DSCP Classification.
DSCP=0: Classify if incoming (or translated if enabled) DSCP is 0.
Selected: Classify only selected DSCP values for which classification is
enabled as specified in DSCP Translation window for the specific DSCP.
All: Classify all DSCP values.
Egress Rewrite:
DSCP Values can be rewritten based on the below parameters:
Disable: No Egress rewrite.
Enable: Rewrite enable without remapping the DSCP value.
Remap DP Unaware: Frame with DSCP from analyser is remapped and
remarked with the remapped DSCP value. The mapped DSCP value is always
taken from the DSCP Translation table.
Remap DP Aware: Frame with DSCP from analyser is remapped and
remarked with the remapped DSCP value. Depending on the frame's DP
level, the remapped DSCP value is either taken from the DSCP Translation
table or the Egress Remap DP0 or DP1 field.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-7 DSCP-based QoS
This section is used to configure DSCP-based QoS settings for all switch ports.
Web Interface
To configure the DSCP-based QoS settings via the Web Interface:
1. Click Configuration, QoS and DSCP-based QoS.
2. Specify whether the DSCP value is trusted, and set the corresponding QoS value and DP level
used for ingress processing.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 104 DSCP-based QoS
Parameter Description
DSCP:
DSCP value in ingress packets. Range is 0 – 63.
Trust:
Controls whether a specific DSCP value is trusted. Only frames with trusted
DSCP values are mapped to a specific QoS class and drop level (DPL). Frames
with untrusted DSCP values are treated as non-IP frames.
QoS Class:
QoS value to which the corresponding DSCP value is classified for ingress
processing.
Range: 0-7.
Default value is 0.
DPL:
Drop Precedence Level to which the corresponding DSCP value is classified
for ingress processing.
Range: 0-1, where 1 is the higher drop priority;
Default value is 0.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-8 DSCP Translation
This section is used to configure DSCP translation for ingress traffic or DSCP re-mapping for egress
traffic.
Web Interface
To configure the DSCP Translation settings via the Web Interface:
1. Click Configuration, QoS and DSCP Translation.
2. Set the required ingress translation and egress re-mapping parameters.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 105 DSCP Translation
Parameter Description
DSCP:
DSCP value. Range is 0 – 63.
Ingress Translate:
Enables ingress translation of DSCP values based on the specified
classification method.
Ingress Classify:
Enable Classification at ingress side as defined in the QoS Port DSCP
Configuration table.
Egress Remap DP0:
Re-maps DP0 field to selected DSCP value. DP0 indicates a drop precedence
with a low priority.
Egress Remap DP1:
Re-maps DP1 field to selected DSCP value. DP1 indicates a drop precedence
with a high priority.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-9 DSCP Classification
This section is used to map DSCP values to a QoS class and drop precedence level.
Web Interface
To configure the DSCP Classification settings via the Web Interface:
1. Click Configuration, QoS and DSCP Classification.
2. Map the DSCP values to a corresponding QoS class and drop precedence level.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 106 DSCP Classification
Parameter Description
QoS Class/DPL:
Shows the mapping options for QoS class values and DP (drop precedence)
levels.
DSCP:
DSCP value. Range is 0 – 63.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.15-10 QoS Control List
Use the QoS Control List Configuration page to configure Quality of Service policies for handling
ingress packets based on Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS, or VLAN priority tag.
Once a QCE is mapped to a port, traffic matching the first entry in the QoS Control List is assigned to
the QoS class, drop precedence level, and DSCP value defined by that entry. Traffic not matching any
of the QCEs is classified to the default QoS Class for the port.
Web Interface
To configure the QoS Control List settings via the Web Interface:
1. Click Configuration, QoS and QoS Control List.
2. Click the button to add a new QCE, or use the other QCE modification buttons to specify
the editing action (i.e., edit, delete, or moving the relative position of entry in the list).
3. When editing an entry on the QCE Configuration page, specify the relevant criteria to be
matched, and the response to a match.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 107 QoS Control List
Fig. 108 Adding a QoS Control List Entry
Parameter Description
QCE:
Quality Control Entry Index.
Port:
Physical port of the switch.
Frame Type:
Indicates the type of frame to look for in incoming frames. Possible frame
types are: Any, Ethernet, LLC, SNAP, IPv4, and IPv6.
SMAC:
The OUI field of the source MAC address, i.e. the first three octets (bytes) of
the MAC address.
DMAC:
The type of destination MAC address. Possible values are: Any, Broadcast,
Multicast, and Unicast.
VID:
VLAN ID. Valid Range 1 – 4095
PCP:
PCP is an acronym for Priority Code Point. It is a 3-bit field storing the
priority level for the 802.1Q frame.
DEI:
DEI is an acronym for Drop Eligible Indicator. It is a 1-bit field in the VLAN
tag.
Action:
Indicates the classification action taken on ingress frames, if the configured
parameters are matched in the frame's content. If a frame matches the QCE,
the following actions will be taken:
Class (Classified QoS Class) – If a frame matches the QCE, it will be put in the
queue corresponding to the specified QoS class.
DPL – The drop precedence level will be set to the specified value.
DSCP – The DSCP value will be set to the specified value.
Inserts a new QCE before the current row.
Edits the QCE.
Moves the QCE up the list.
Moves the QCE down the list.
Deletes the QCE.
The lowest plus sign adds a new entry at the bottom of the QCE
listings
Fig. 109 Functions of QCE Control Buttons
QCE Configuration:
Port Members – The ports assigned to this entry.
Tag:
VLAN tag type.
Options: Any, Tag, Untag; Default: Any
VID:
VLAN identifier.
Options: Any, Specific (1-4095), Range.
Default: Any
PCP:
Priority Code Point (User Priority).
Options: a specific value of 0, 1, 2, 3, 4, 5, 6, 7, a range of 0-1, 2-3, 4-5, 6-7,
0-3, 4-7, or Any.
Default: Any
DEI:
Drop Eligible Indicator.
Options: 0, 1 or Any
Default: Any
SMAC:
The OUI field of the source MAC address. Enter the first three octets (bytes)
of the MAC address, or Any.
DMAC:
The type of destination MAC address. (Options: Any, BC (Broadcast), MC
(Multicast), UC (Unicast))
Frame Type:
The supported Frame Types are listed below:
Any – Allow all types of frames.
Ethernet – This option can only be used to filter Ethernet II formatted
packets. Options: Any, Specific – 600-ffff hex; Default: ffff
Note that 800 (IPv4) and 86DD (IPv6) are excluded.
A detailed listing of Ethernet protocol types can be found in RFC1060. A few
of the more common types include 0800 (IP), 0806(ARP), 8137 (IPX).
LLC – Logical Link Control includes the following settings:
SSAP Address – Source Service Access Point address. (Options: Any, Specific
(0x00-0xff); Default: 0xff)
DSAP Address – Destination Service Access Point address. (Options: Any,
Specific (0x00-0xff); Default: 0xff)
Control – Control field may contain command, response, or sequence
information depending on whether the LLC frame type is Unnumbered,
Supervisory, or Information. (Options: Any, Specific (0x00-0xff); Default:
0xff)
SNAP – SubNetwork Access Protocol can be distinguished by an OUI and a
Protocol ID. (Options for PID: Any, Specific (0x00-0xffff); Default: Any)
If the OUI is hexadecimal 000000, the protocol ID is the Ethernet type
(EtherType) field value for the protocol running on top of SNAP.
If the OUI is that of a particular organization, the protocol ID is a value
assigned by that organization to the protocol running on top of SNAP.
In other words, if value of the OUI field is 00-00-00, then value of the PID will
be etherType (0x0600-0xffff), and if value of the OUI is other than 00-00-00,
then valid value of the PID will be any value from 0x0000 to 0xffff.
IPv4 – IPv4 frame type includes the following settings:
Protocol – IP protocol number. (Options: Any, UDP, TCP, or Other (0-255))
Source IP – Source IP address. (Options: Any, Specific)
To configure a specific source IP address, enter both the address and mask
format. The address and mask must be in the format x.y.z.w where x, y, z,
and w are decimal numbers between 0 and 255. When the mask is
converted to a 32-bit binary string and read from left to right, all bits
following the first zero must also be zero.
IP Fragment – Indicates whether or not fragmented packets are accepted.
(Options: Any, Yes, No; Default: Any) Datagrams may be fragmented to
ensure they can pass through a network device which uses a maximum
transfer unit smaller than the original packet's size.
DSCP – Diffserv Code Point value. (Options: Any, specific value of 0-63, BE,
CS1-CS7, EF or AF11-AF43, or Range; Default: Any)
IPv6 – IPv6 frame type includes the same settings as those used for IPv4,
except for the Source IP. When configuring a specific IPv6 source address,
enter the least significant 32 bits (a.b.c.d) using the same type of mask as
that used for an IPv4 address.
Sport – Source TCP/UDP port. (Any, Specific/Range: 0-65535)
Dport – Destination TCP/UDP port. (Any, Specific/Range: 0-65535)
Class (Classified QoS Class): If a frame matches the QCE, it will be put in the queue corresponding to
the specified QoS class, or placed in a queue based on basic classification
rules.
Options: 0-7, Default (use basic classification)
Default setting: 0
DPL:
The drop precedence level will be set to the specified value or left
unchanged.
Options: 0-1, Default
Default setting: Default
DSCP:
The DSCP value will be set to the specified value or left unchanged.
Options: 0-63, BE, CS1-CS7, Default (not changed)
Default setting: Default
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
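The Source IP rule described above for IPv4 and IPv6 QCEs (dotted-decimal address and mask, mask bits contiguous from the left, IPv6 matched on its least significant 32 bits) can be checked before an entry is typed into the web interface. The following Python code is an added example, not code from the switch or the vendor; the function names and sample addresses are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def parse_dotted(text):
    """Parse 'x.y.z.w' (each part a decimal number 0-255) into a 32-bit integer."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: expected four dot-separated numbers")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"{text!r}: {part!r} is not a decimal number 0-255")
        value = (value << 8) | int(part)
    return value


def is_contiguous_mask(mask):
    """True when, read left to right, every bit after the first zero is zero."""
    inverted = ~mask & MASK32  # the zero bits of the mask, as ones
    # A valid mask leaves a single run of low ones; adding 1 clears that run.
    return (inverted & (inverted + 1)) == 0


def make_source_filter(address, mask):
    """Validate an address/mask pair and return (network, mask) as integers."""
    addr = parse_dotted(address)
    mask_value = parse_dotted(mask)
    if not is_contiguous_mask(mask_value):
        raise ValueError(f"mask {mask!r} has a one bit after a zero bit")
    return addr & mask_value, mask_value


def source_matches(source_filter, packet_source):
    """Apply the filter to an IPv4 address, or to the low 32 bits of an IPv6 one."""
    network, mask = source_filter
    low32 = int(ipaddress.ip_address(packet_source)) & MASK32
    return (low32 & mask) == network


def demo():
    """Constructed sample sources checked against 192.168.10.0 / 255.255.255.0."""
    flt = make_source_filter("192.168.10.0", "255.255.255.0")
    sources = [
        "192.168.10.77",        # inside the masked range
        "192.168.11.77",        # outside it
        "2001:db8::c0a8:a4d",   # IPv6, low 32 bits equal 192.168.10.77
        "fe80::c0a8:a4d",       # different prefix, same low 32 bits
    ]
    return {src: source_matches(flt, src) for src in sources}


if __name__ == "__main__":
    for src, hit in demo().items():
        print(f"{src:22} {'match' if hit else 'no match'}")
    try:
        make_source_filter("10.0.0.0", "255.0.255.0")
    except ValueError as err:
        print("rejected:", err)
```

Because only the low 32 bits of an IPv6 source take part in the comparison, the last two sample addresses both match even though their prefixes differ.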
1.2.15-11 QCL Status
Displays the current QCL (QoS Control List) entries configured on the switch.
Web Interface
To view the QCL via the Web Interface:
1. Click Configuration, QoS and QCL Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 110 QoS Control List Status
Parameter Description
User:
Displays the QCL user type.
QCE#:
Displays the QCE Index number.
Frame Type:
Displays the frame type configured for that entry.
Port:
Displays the list of ports that the QCE applies to.
Action:
Displays the Action values configured for the QCE entry.
Conflict:
Displays any conflicts that have occurred with the QCE entry.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
Resolve Conflict:
Click to resolve any current QCE conflicts that have occurred.
1.2.15-12 Storm Control
Use the Storm Control Configuration page to set limits on broadcast, multicast and unknown unicast
traffic to control traffic storms which may occur when a network device is malfunctioning, the
network is not properly configured, or application programs are not well designed or properly
configured. Traffic storms caused by any of these problems can severely degrade performance or
bring your network to a complete halt.
You can protect your network from traffic storms by setting a threshold for broadcast, multicast, or
unknown unicast traffic. Any packets exceeding the specified threshold will then be dropped. Note
that the limit specified on this page applies to each port.
Web Interface
To configure the Storm Control settings via the Web Interface:
1. Click Configuration, QoS and Storm Control.
2. Enable storm control for unknown unicast, broadcast, or multicast traffic by marking the
Status box next to the required frame type.
3. Select the control rate for the selected traffic type.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 111 Storm Control
Parameter Description
Frame Type:
Specifies broadcast, multicast or unknown unicast traffic.
Status:
Enables or Disables Storm Control.
Rate (pps):
The threshold above which packets are dropped. This limit can be set by
specifying a value in pps, or by selecting one of the options in Kpps (i.e.,
marked with the suffix "K").
Options: n pps where n = 1, 2, 4, 8, 16, 32, 64, 128, 256, 512; or 1, 2, 4, 8, 16,
32, 64, 128, 256, 512, 1024 Kpps;
Default: 2 pps
Due to an ASIC limitation, the enforced rate limits are slightly less than the
listed options. For example: 1 Kpps translates into an enforced threshold of
1002.1 pps.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.16 s-Flow Agent
The APS Series switches support s-Flow network monitoring. sFlow is a sampling technology that
meets the key requirements for a network traffic monitoring solution:

sFlow provides a network-wide view of usage and active routes. It is a scalable technique for
measuring network traffic, collecting, storing, and analyzing traffic data. This enables tens of
thousands of interfaces to be monitored from a single location.

sFlow is scalable, enabling it to monitor links of speeds up to 10Gb/s and beyond without
impacting the performance of core internet routers and switches, and without adding
significant network load.

sFlow is a low cost solution. It has been implemented on a wide range of devices, from
simple L2 workgroup switches to high-end core routers, without requiring additional
memory and CPU.

sFlow is an industry standard with a growing number of vendors delivering products with
sFlow support.
sFlow is a multi-vendor sampling technology embedded within switches and routers. It provides the
ability to continuously monitor application level traffic flows at wire speed on all interfaces
simultaneously.
The sFlow Agent is a software process that runs as part of the network management software within
a device. It combines interface counters and flow samples into sFlow datagrams that are sent across
the network to an sFlow Collector. Packet sampling is typically performed by the switching/routing
ASICs, providing wire-speed performance. The state of the forwarding/routing table entries
associated with each sampled packet is also recorded.
The sFlow Agent does very little processing. It simply packages data into sFlow datagrams that are
immediately sent on the network. Immediate forwarding of data minimizes memory and CPU
requirements associated with the sFlow Agent.
1.2.16-1 Collector
This section allows you to configure the s-Flow Agent Collector settings for the switch.
Web Interface
To configure the s-Flow Agent Collector settings via the Web Interface:
1. Click Configuration, s-Flow Agent and Collector.
2. Configure the appropriate s-Flow Agent Collector settings.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 112 s-Flow Agent Collector Settings
Parameter Description
Receiver ID:
The "Receiver ID" input field allows the user to input the receiver ID.
Currently one ID is supported as one collector is supported.
IP Type:
Select whether the Collector has an IPv4 or IPv6 address.
IP Address:
Enter the IP Address of the s-Flow Agent Collector. The switch will send all sFlow information to the collector.
Port:
Enter the port that the collector uses to listen for s-Flow requests. Port Range
is 1 – 65535.
Default is 6343.
Time Out:
This is the duration during which the collector receives samples. Once the
duration has expired, the sampler stops sending the samples. Valid values
are within the range of 0-2147483647.
Default is 0.
Datagram Size:
The maximum UDP datagram size to send out sFlow samples to the receiver.
The value accepted is within the range of 200-1500 bytes.
Default is 1400 bytes.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.16-2 Sampler
This section is used to configure the s-Flow sampling rate that is sent to the receiver. An average of 1
out of N packets/operations is randomly sampled. This type of sampling does not provide a 100%
accurate result, but it does provide a result with quantifiable accuracy.
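To make the "quantifiable accuracy" of 1-in-N sampling concrete, the added Python example below (not part of the manual or the switch firmware) scales sample counts back to traffic estimates and applies the commonly used packet-sampling approximation that the 95% confidence error for a traffic class is at most 196 × sqrt(1/c) percent, where c is the number of samples seen for that class. The formula and all function names are assumptions brought in for illustration, and the traffic is simulated.

```python
import math
import random


def estimate_total(class_samples, sampling_rate):
    """Scale a sample count up: with 1-in-N sampling each sample stands for N packets."""
    return class_samples * sampling_rate


def percent_error_95(class_samples):
    """Upper bound on the relative error (in percent) at 95% confidence.

    Assumed approximation: error <= 196 * sqrt(1 / c), c = samples in the class.
    """
    if class_samples <= 0:
        return math.inf
    return 196.0 * math.sqrt(1.0 / class_samples)


def samples_needed(max_percent_error):
    """Smallest number of class samples that keeps the bound at or below the target."""
    return math.ceil((196.0 / max_percent_error) ** 2)


def simulate(total_packets, class_share, sampling_rate, seed=1):
    """Randomly sample simulated traffic and compare the estimate with the truth.

    class_share is the fraction of packets that belong to the class of interest
    (for example one protocol or one source address).
    """
    rng = random.Random(seed)
    actual = samples = 0
    for _ in range(total_packets):
        in_class = rng.random() < class_share
        picked = rng.randrange(sampling_rate) == 0  # on average 1 out of N
        if in_class:
            actual += 1
            if picked:
                samples += 1
    estimate = estimate_total(samples, sampling_rate)
    error_pct = abs(estimate - actual) / actual * 100.0 if actual else 0.0
    return {
        "actual": actual,
        "samples": samples,
        "estimate": estimate,
        "error_pct": error_pct,
        "bound_pct": percent_error_95(samples),
    }


if __name__ == "__main__":
    for rate in (10, 100, 1000):
        result = simulate(200_000, 0.3, rate, seed=7)
        print(
            f"1-in-{rate:<4} samples={result['samples']:<6} "
            f"estimate={result['estimate']:<6} actual={result['actual']:<6} "
            f"error={result['error_pct']:.2f}% bound={result['bound_pct']:.2f}%"
        )
    print("samples needed for a 5% bound:", samples_needed(5))
```

The bound depends only on the number of samples collected for the class, so a higher Sampling Rate value N needs proportionally more traffic to reach the same accuracy.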
Web Interface
To configure the s-Flow Agent Sampling settings via the Web Interface:
1. Click Configuration, s-Flow Agent and Sampler.
2. Click the button to edit the s-Flow sampling parameters.
3. Select whether the samples will be taken from RX, TX or all packets.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 113 s-Flow Agent Sampler Settings
Fig. 114 s-Flow Agent Sampler Port Settings
Parameter Description
s-Flow Ports:
Displays the ports on which s-Flow is configured.
s-Flow Instance:
Configured sFlow instance for the port number.
Sampler Type:
Sampler types available are None, RX, TX and All.
Default is None.
Sampling Rate:
Configured sampling rates of the port.
Max Hdr Size:
Configured size of the header of the sampled frame.
Polling Interval:
Configured polling interval for the counter sampling.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.17 Loop Protection
The APS Series switches support a Loop protection mechanism. Loop Protection can be used in
environments that have devices that do not support the spanning tree protocol. If the switch
receives a packet containing its own MAC address, the port will be locked.
1.2.17-1 Configuration
This section allows you to configure the Loop Protection settings for the switch.
Web Interface
To configure the Loop Protection settings via the Web Interface:
1. Click Configuration, Loop Protection and Configuration.
2. Select the required Action to take when a loop is detected and select whether to enable or
disable TX Mode.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 115 Loop Protection Configuration
Parameter Description
Enable Loop Protection: Used to enable or disable Loop protection on the switch.
Transmission Time:
The interval between each loop protection PDU sent on each port. Valid
values are 1 to 10 seconds.
Shutdown Time:
The period (in seconds) for which a port will be kept disabled in the event
that a loop is detected (and the port action is to shut down the port). Valid
values are 0 to 604800 seconds (7 days). A value of zero will keep a port
disabled (until next device restart).
Port:
Physical port of the switch.
Enable:
Used to enable or disable Loop Protection on each individual port.
Action:
Configures the action performed when a loop is detected on a port. Valid
values are Shutdown Port, Shutdown Port and Log or Log Only.
Tx Mode:
Controls whether the port is actively generating loop protection PDUs, or
whether it is just passively looking for looped PDUs.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.17-2 Status
This section displays the Loop Protection status of individual ports.
Web Interface
To view the Loop Protection status via the Web Interface:
1. Click Configuration, Loop Protection and Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 116 Loop Protection Status
Parameter Description
Port:
Physical port of the switch.
Action:
The currently configured port action.
Transmit:
The currently configured port transmit mode.
Loops:
The number of loops detected on this port.
Status:
The current loop protection status of the port.
Time of Last Loop:
The time of the last loop event detected.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.2.18 Single IP
The APS Series switches support Single IP Management.
Single IP Management (SIM) is a simple and useful method to optimize network utilities and
management. It is designed to manage a group of switches as a single entity, called a SIM group.
Implementing the SIM feature will have the following advantages for users:

Simplify management of small workgroups or wiring closets while scaling networks to handle
increased bandwidth demand.

Reduce the number of IP addresses needed on the network.

Virtual stacking structure - Eliminate any specialized cables for stacking and remove the
distance barriers that typically limit topology options when using other stacking technology.
1.2.18-1 Configuration
This section describes how to configure the Single IP Management function.
Web Interface
To configure the Single IP Management settings via the Web Interface:
1. Click Configuration, Single IP and Configuration.
2. Set the required Mode for the switch and enter the Group Name.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 117 Single IP Configuration
Parameter Description
Mode:
Used to disable the SIP function or set the device as a Master or Slave.
Possible modes are:
Disable: Disable operation of Single IP Management.
Master: Enable Single IP Management and run as a Master Switch. When running
as the Master Switch, the user will connect to the Master Switch's IP Address
and can then control the Slave switches in the same SIP group.
Slave: Enable Single IP Management and run as a Slave Switch. The user will
connect to the management of this switch via the Master Switch's IP
Address.
Group Name:
The specific group name of the Single IP Management Group. All switches
that belong to this group will be controlled by the Master Switch of the
group.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.18-2 Information
This section displays the slave devices and allows the administrator access to these switches.
Web Interface
To view and configure the slave switches of the Single IP Management group via the Web Interface:
1. Click Configuration, Single IP and Information.
2. Click on the index number of the relevant switch you would like to connect to.
3. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
4. Click Refresh to manually refresh the information.
Fig. 118 Single IP Information
Parameter Description
Index:
The ID of the active Slave Switch. The parameter lets you know how many
slave devices are connected to the SIP group.
Model Name:
Displays the model name of the slave switch.
MAC Address:
Displays the MAC Address of the slave switch.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
NOTE: When you click the index link you will be redirected to the
web interface of the slave device.
1.2.19 Easy Port
The APS Series switches support a feature called Easy Port, which provides a convenient way to save
and share common configurations. You can use it to enable features and settings based on the
location of a switch in the network and for mass configuration deployments across the network.
Predefined port settings can be applied to particular ports for installations of IP Phones, Wireless
Access Points and IP Cameras.
Web Interface
To configure the Easy Port settings via the Web Interface:
1. Click Configuration and Easy Port.
2. Use the check boxes to enable the Easy Port function on the required ports.
3. Select the Role of the ports using the drop down box provided.
4. Specific parameters can be changed based on your requirements.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 119 Easy Port Configuration
Parameter Description
Port Members:
A row of check boxes for each port is displayed. To include a port in an Easy
Port, check the box. To remove or exclude the port from the VLAN, make
sure the box is unchecked.
By default, no ports are members.
Role:
The port role is based on the type of devices to be connected to the switch
ports. Scroll to select the type of device that will connect to the port.
Options are IP-Phone, IP-CAM and WIFI-AP.
Access VLAN:
Used to set the Access VLAN ID. Allowed range is 1 to 4095.
VLAN Mode:
Scroll to select the Port Egress Rule. The allowed values are Hybrid, Trunk or
Access. This parameter affects VLAN egress processing. If Trunk is selected, a
VLAN tag with the classified VLAN ID is inserted in frames transmitted on the
port. This mode is normally used for ports connected to VLAN-aware devices.
If Hybrid (the default value) is selected, if the classified VLAN ID of a frame
transmitted on the port is different from the Port VLAN ID, a VLAN tag with
the classified VLAN ID is inserted in the frame. If Access is selected, untag all
frames transmitted on the port.
Voice VLAN:
Indicates the Voice VLAN ID. It should be a unique VLAN ID in the system
and cannot equal any other configured port PVID. A conflict will occur if the
VLAN ID is the same as the management VID, MVR VID, PVID etc. The
allowed range is 1 to 4095.
Traffic Class:
Scroll to select the traffic class for the data stream priority. The available
values range from 0 (Low) to 7 (High). If you want voice to have a high priority then
you can set the value to 7.
Port Security:
Scroll to enable or disable the Port Security function on the Port. If you turn
on the function then you need to set the Port Security limit to define how many
devices can access the port (via MAC address).
Port Security Action:
If Limit is reached, the switch can take one of the following actions:
None: Do not allow more than Limit MAC addresses on the port, but take no
further action.
Trap: If Limit + 1 MAC addresses are seen on the port, send an SNMP trap. If
Aging is disabled, only one SNMP trap will be sent, but with Aging enabled,
new SNMP traps will be sent every time the limit gets exceeded.
Shutdown: If Limit + 1 MAC addresses are seen on the port, shut down the
port. This implies that all secured MAC addresses will be removed from the
port, and no new address will be learned.
Port Security limit:
The maximum number of MAC addresses that can be secured. This number
cannot exceed 1024. If the limit is exceeded, the corresponding action is
taken. The switch is "born" with a total number of MAC addresses from
which all ports draw whenever a new MAC address is seen on a Port
Security-enabled port. Since all ports draw from the same pool, it may
happen that a configured maximum cannot be granted, if the remaining
ports have already used all available MAC addresses.
Spanning Tree Admin Edge: Controls whether the operEdge flag should start as set or cleared. (The
initial operEdge state when a port is initialized).
Spanning Tree BPDU Guard: If enabled, causes the port to disable itself upon receiving valid BPDUs.
Contrary to the similar bridge setting, the port Edge status does not affect
this setting. A port entering error-disabled state due to this setting is subject
to the bridge Port Error Recovery setting as well.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.20 Mirroring
The APS Series switches support traffic mirroring to capture and analyze real time traffic.
You can mirror traffic from any source port to a target port for real-time analysis. You can then
attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source
port in a completely unobtrusive manner.
Mirror Configuration is used to monitor the traffic of the network. For example, assume that Port A
and Port B are the Monitoring Port and Monitored Port respectively; the traffic received by Port B
will then be copied to Port A for monitoring.
Web Interface
To configure the Port Mirroring settings via the Web Interface:
1. Click Configuration and Mirroring.
2. Select the port that you wish to mirror on. This port will be used to collect the data.
3. Select the ports and mode that you wish to monitor. All traffic from this port will be sent to
the port selected above.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 120 Port Mirroring
Parameter Description
Port to Mirror on:
The port to mirror on, also known as the mirror port. Frames from ports that have
either source (rx) or destination (tx) mirroring enabled are mirrored on this
port. Disabled disables mirroring.
Port:
Physical port of the switch.
Mode:
Used to select the Mirror Mode.
Rx only: Frames received on this port are mirrored on the mirror port.
Frames transmitted are not mirrored.
Tx only: Frames transmitted on this port are mirrored on the mirror port.
Frames received are not mirrored.
Disabled: Neither frames transmitted nor frames received are mirrored.
Enabled: Frames received and frames transmitted are mirrored on the
mirror port.
NOTE: For a given port, a frame is only transmitted once. It is
therefore not possible to mirror Tx frames on the mirror port.
Because of this, mode for the selected mirror port is limited to
Disabled or Rx only.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.21 Trap Event Severity
The APS Series switches support trap events that can alert the administrator if a particular event
occurs. This section is used to customize the severity levels of the trap events. Administrators can
manually configure each event to have a Severity level of Emerg, Alert, Crit, Error, Warning, Notice,
Info or Debug.
Web Interface
To configure the Trap Event Severity levels via the Web Interface:
1. Click Configuration and Trap Event Severity.
2. Change the Severity Level of each of the Trap Events.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 121 Trap Event Severity levels
Parameter Description
Group Name:
The name identifying the severity group.
Severity Level:
Scroll to select a severity level for each group. The following level types are
supported:
<0> Emergency: System is unusable.
<1> Alert: Action must be taken immediately.
<2> Critical: Critical conditions.
<3> Error: Error conditions.
<4> Warning: Warning conditions.
<5> Notice: Normal but significant conditions.
<6> Information: Information messages.
<7> Debug: Debug-level messages.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.22 SMTP Configuration
The APS Series switches support trap events that can alert the administrator if a particular event
occurs. This section is used to configure the mail server settings that will be used to send the emails.
Email Addresses can also be configured here; these will be the addresses the events will be sent to.
Web Interface
To configure the SMTP Configuration settings via the Web Interface:
1. Click Configuration and SMTP Configuration.
2. Enter the appropriate parameters as required.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 122 SMTP Configuration
Parameter Description
Mail Server:
Specify the IP Address of the mail server used to send/relay the emails.
Username:
Specify the username for the mail server. (If required)
Password:
Specify the password for the mail server. (If required)
Sender:
Enter the email address from which the emails will be sent.
Return-Path:
Set the mail Return-Path as sender mail address.
Email Address 1 – 6:
Enter up to 6 email addresses to receive the trap events.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.2.23 UPnP
The APS Series switches support UPnP. UPnP is an acronym for Universal Plug and Play. The goals of
UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in
the home (data sharing, communications, and entertainment) and in corporate environments for
simplified installation of computer components.
Web Interface
To configure the UPnP settings via the Web Interface:
1. Click Configuration and UPnP.
2. Select to enable or disable UPnP.
3. Configure the required parameters.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 123 UPnP Configuration
Parameter Description
Mode:
Indicates the UPnP operation mode. Possible modes are:
Enabled: Enable UPnP mode operation.
Disabled: Disable UPnP mode operation.
When the mode is enabled, two ACEs are added automatically to trap UPnP
related packets to the CPU. The ACEs are automatically removed when the
mode is disabled.
TTL:
The TTL value is used by UPnP to send SSDP advertisement messages. Valid
values are in the range 1 to 255.
Advertising Duration:
The duration, carried in SSDP packets, is used to inform a control point or
control points how often it or they should receive an SSDP advertisement
message from this switch. If a control point does not receive any message
within the duration, it will think that the switch no longer exists. Due to the
unreliable nature of UDP, the standard recommends that such
refreshing of advertisements be done at less than one-half of the
advertising duration. In the implementation, the switch sends SSDP
messages periodically at an interval of one-half of the advertising duration
minus 30 seconds. Valid values are in the range 100 to 86400.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3 Security
This chapter describes the Security configuration options available in the APS Series of switches.
Features such as IP Source Guard, Port Security, HTTPS, DHCP Snooping, DHCP Relay and many more
can be configured from this section.
1.3.1 IP Source Guard
The APS Series switches support IP Source Guard. IP Source Guard can be used to help secure your
switch from IP based spoofing attacks.
1.3.1-1 Configuration
This section is used to configure the IP Source Guard settings for the APS switch.
Web Interface
To configure the IP Source Guard settings of the switch via the Web Interface:
1. Click Security, IP Source Guard and Configuration.
2. Select to enable or disable the IP Source Guard feature.
3. Select to enable or disable this function on each individual port.
4. Select the number of Dynamic Clients allowed to be learnt by the port.
5. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 124 IP Source Guard Configuration
Parameter Description
Mode:
Enable the Global IP Source Guard or disable the Global IP Source Guard. All
configured ACEs will be lost when the mode is enabled.
Port:
Physical port of the switch.
Mode:
Select to enable or disable the IP Source Guard function on the selected port.
The global IP Source Guard Mode must also be enabled when enabling each
individual port.
Max. Dynamic Clients: Specify the maximum number of dynamic clients that can be learnt on any
given port. This value can be 0, 1, 2 or unlimited. If the port mode is enabled
and the value of max dynamic client is equal to 0, only IP Packets that have
been entered into the static table will be forwarded.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.1-2 Static Table
This section is used to enter Static IP addresses into the APS switch.
Web Interface
To enter Static IP Addresses into the Static Table via the Web Interface:
1. Click Security, IP Source Guard and Static Table.
2. Click on Add New Entry.
3. Specify the Port, VLAN ID, IP Address and MAC Address.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 125 Static Table Configuration
Parameter Description
Delete:
Check the tick box next to the required entry and press the Apply button.
Port:
Physical port of the switch.
VLAN ID:
The VLAN ID of the static entry.
IP Address:
The IP Address of the static entry.
MAC Address:
The MAC Address of the static entry.
Add New Entry:
Click to add a new static entry.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.1-3 Dynamic Table
This section is used to view the dynamic IP Source Guard entries.
Web Interface
To view the Dynamic IP Addresses via the Web Interface:
1. Click Security, IP Source Guard and Dynamic Table.
2. To filter the entries you can select the Start from Port, VLAN ID and/or IP Address.
3. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
4. Click Refresh to manually refresh the information.
Fig. 126 Dynamic Table
Parameter Description
Port:
Physical port of the switch.
VLAN ID:
VLAN ID of the IP traffic that’s permitted.
IP Address:
IP Address of the dynamic entry.
Mac Address:
MAC Address of the dynamic entry.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.3.2 ARP Inspection
The APS Series switches support ARP Inspection. This allows the switch to intercept and examine all
ARP request and response packets in a subnet and discard those packets with invalid IP to MAC
address bindings.
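The binding check that ARP Inspection performs, as an added Python example (not the switch's firmware or the vendor's code): each ARP packet's sender IP and MAC are compared with a table keyed by port, VLAN ID and IP address, the same four fields the Static Table below accepts. The frames, addresses and function names are constructed for illustration, and untagged frames are assumed to belong to the port's VLAN.

```python
import struct

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_ARP = 0x0806


def mac_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))


def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))


def build_arp(src_mac, sender_mac, sender_ip, target_ip, opcode=1, vlan=None):
    """Construct a sample frame: Ethernet II, optional 802.1Q tag, IPv4 ARP."""
    header = b"\xff" * 6 + mac_bytes(src_mac)
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    header += struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    body += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    body += b"\x00" * 6 + ip_bytes(target_ip)
    return header + body


def parse_arp(frame):
    """Return (vlan or None, sender_mac, sender_ip), or None if not ARP.

    Raises ValueError when the frame is ARP but truncated or not IPv4-over-Ethernet.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != ETHERTYPE_ARP:
        return None
    if len(frame) < offset + 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, opcode = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or opcode not in (1, 2):
        raise ValueError("unsupported ARP header")
    sender_mac = ":".join(f"{b:02x}" for b in frame[offset + 8:offset + 14])
    sender_ip = ".".join(str(b) for b in frame[offset + 14:offset + 18])
    return vlan, sender_mac, sender_ip


def inspect_arp(frame, ingress_port, port_vlan, bindings):
    """Return ('forward' | 'drop', reason) for a frame received on ingress_port."""
    try:
        parsed = parse_arp(frame)
    except ValueError as err:
        return "drop", str(err)
    if parsed is None:
        return "forward", "not ARP, not inspected"
    vlan, sender_mac, sender_ip = parsed
    vlan = vlan or port_vlan  # untagged or priority-tagged: use the port's VLAN
    bound_mac = bindings.get((ingress_port, vlan, sender_ip))
    if bound_mac is None:
        return "drop", f"no binding for {sender_ip} on port {ingress_port}, VLAN {vlan}"
    if bound_mac.lower() != sender_mac:
        return "drop", f"{sender_ip} is bound to {bound_mac}, packet claims {sender_mac}"
    return "forward", "binding matches"


# Constructed binding table: (port, VLAN ID, IP address) -> MAC address.
BINDINGS = {
    (1, 10, "192.0.2.1"): "00:aa:bb:cc:dd:01",
    (3, 10, "192.0.2.10"): "00:11:22:33:44:55",
}

HOST = "00:11:22:33:44:55"
OTHER = "00:11:22:33:44:66"

if __name__ == "__main__":
    cases = [
        ("valid request", build_arp(HOST, HOST, "192.0.2.10", "192.0.2.1"), 3),
        ("wrong MAC for IP", build_arp(OTHER, OTHER, "192.0.2.1", "192.0.2.10", 2), 1),
        ("IP not bound on port", build_arp(OTHER, OTHER, "192.0.2.1", "192.0.2.10", 2), 3),
        ("wrong VLAN", build_arp(HOST, HOST, "192.0.2.10", "192.0.2.1", vlan=20), 3),
        ("truncated", build_arp(HOST, HOST, "192.0.2.10", "192.0.2.1")[:30], 3),
    ]
    for name, frame, port in cases:
        print(f"{name:22}", *inspect_arp(frame, port, 10, BINDINGS))
```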
1.3.2-1 Configuration
This section is used to configure the ARP Inspection settings for the APS switch.
Web Interface
To configure the ARP Inspection settings of the switch via the Web Interface:
1. Click Security, ARP Inspection and Configuration.
2. Select to enable or disable the ARP Inspection feature.
3. Select to enable or disable this function on each individual port.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 127 ARP Inspection Configuration
Parameter Description
Mode:
Enable or Disable the Global ARP Inspection.
Port:
Physical port of the switch.
Mode:
Select to enable or disable the ARP Inspection function on the selected port.
The global ARP Inspection Mode must also be enabled when enabling each
individual port.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.2-2 Static Table
This section is used to enter Static ARP entries into the APS switch.
Web Interface
To enter Static ARP entries into the Static Table via the Web Interface:
1. Click Security, ARP Inspection and Static Table.
2. Click on Add New Entry.
3. Specify the Port, VLAN ID, IP Address and MAC Address.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 128 Static Table Configuration
Parameter Description
Delete:
Check the tick box next to the required entry and press the Apply button.
Port:
Physical port of the switch.
VLAN ID:
The VLAN ID of the static entry.
IP Address:
The IP Address of the static entry.
MAC Address:
The MAC Address of the static entry.
Add New Entry:
Click to add a new static entry.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.2-3 Dynamic Table
This section is used to view the dynamic ARP Inspection entries.
Web Interface
To view the Dynamic ARP entries via the Web Interface:
1. Click Security, ARP Inspection and Dynamic Table.
2. To filter the entries you can select the Start from Port, VLAN ID and/or IP Address.
3. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
4. Click Refresh to manually refresh the information.
Fig. 129 Dynamic Table
Parameter Description
Port:
Physical port of the switch.
VLAN ID:
VLAN ID of the IP traffic that’s permitted.
IP Address:
IP Address of the dynamic entry.
Mac Address:
MAC Address of the dynamic entry.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
<<, >>:
The arrow keys are used to navigate between the pages, displaying the
current VLANs configured on the switch.
1.3.3 DHCP Snooping
The APS Series switches support DHCP Snooping. This section describes how to configure the DHCP
Snooping parameters of the switch. DHCP Snooping can prevent attackers from adding their own
DHCP servers on the network.
1.3.3-1 Configuration
This section is used to configure the DHCP Snooping settings for the APS switch.
Web Interface
To configure the DHCP Snooping settings of the switch via the Web Interface:
1. Click Security, DHCP Snooping and Configuration.
2. Select to enable or disable DHCP Snooping on the switch.
3. Select either trusted or untrusted for each port.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 130 DHCP Snooping Configuration
Parameter Description
Snooping Mode:
Indicates the DHCP snooping mode operation. Possible modes are:
Enabled: Enable DHCP snooping mode operation. When DHCP snooping
mode operation is enabled, the DHCP request messages will be forwarded
to trusted ports and only allow reply packets from trusted ports.
Disabled: Disable DHCP snooping mode operation.
Port:
Physical port of the switch.
Mode:
Indicates the DHCP snooping port mode. Possible port modes are:
Trusted: Configures the port as trusted source of the DHCP messages.
Untrusted: Configures the port as untrusted source of the DHCP messages.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.3-2 Statistics
This section is used to view the DHCP Snooping Statistics for the APS switch.
Web Interface
To view the DHCP Snooping Statistics of the switch via the Web Interface:
1. Click Security, DHCP Snooping and Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 131 DHCP Snooping Statistics
Parameter Description
Rx and Tx Discover:
The number of discover (option 53 with value 1) packets received and
transmitted.
Rx and Tx Offer:
The number of offer (option 53 with value 2) packets received and
transmitted.
Rx and Tx Request:
The number of request (option 53 with value 3) packets received and
transmitted.
Rx and Tx Decline:
The number of decline (option 53 with value 4) packets received and
transmitted.
Rx and Tx ACK:
The number of ACK (option 53 with value 5) packets received and
transmitted.
Rx and Tx NAK:
The number of NAK (option 53 with value 6) packets received and
transmitted.
Rx and Tx Release:
The number of release (option 53 with value 7) packets received and
transmitted.
Rx and Tx Inform:
The number of inform (option 53 with value 8) packets received and
transmitted.
Rx and Tx Lease Query: The number of lease query (option 53 with value 10) packets received and
transmitted.
Rx and Tx Lease Unassigned: The number of lease unassigned (option 53 with value 11) packets
received and transmitted.
Rx and Tx Lease Unknown: The number of lease unknown (option 53 with value 12) packets received
and transmitted.
Rx and Tx Lease Active: The number of lease active (option 53 with value 13) packets received and
transmitted.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.3.4 DHCP Relay
The APS Series switches support the DHCP Relay function. DHCP Relays are used to forward DHCP
requests to another DHCP Server on the same or on another subnet. This section is used to configure
the DHCP Relay parameters.
1.3.4-1 Configuration
This section is used to configure the DHCP Relay settings for the APS switch.
Web Interface
To configure the DHCP Relay settings of the switch via the Web Interface:
1. Click Security, DHCP Relay and Configuration.
2. Select to enable or disable the DHCP Relay function.
3. Enter the IP Address of the Relay Server.
4. Select to enable or disable the Relay Information Mode setting.
5. Select the appropriate Relay Information Policy.
6. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 132 DHCP Relay Configuration
Parameter Description
Relay Mode:
Indicates the DHCP relay mode operation. Possible modes are:
Enabled: Enable DHCP relay mode. When the DHCP relay is enabled, the
agent forwards and transfers DHCP messages between the clients and the
server when they are not in the same subnet domain.
Disabled: Disable the DHCP relay.
Relay Server:
Indicates the DHCP relay server IP address. A DHCP relay agent is used to
forward and to transfer DHCP messages between the clients and the server
when they are not in the same subnet domain.
Relay Information Mode: Indicates the DHCP relay information mode option operation. Possible
modes are:
Enabled: Enable DHCP relay information mode. When DHCP relay
information mode is enabled, the agent inserts specific information (option
82) into a DHCP message when forwarding to a DHCP server and removes it
from a DHCP message when transferring to a DHCP client. It only works
when DHCP relay operation mode is enabled.
Disabled: Disable DHCP relay information mode.
Relay Information Policy: Indicates the DHCP relay information option policy. When DHCP relay
information mode operation is enabled, if an agent receives a DHCP
message that already contains relay agent information it will enforce the
policy. It only works if DHCP relay information operation mode is
enabled. Possible policies are:
Replace: Replace the original relay information when a DHCP message that
already contains it is received.
Keep: Keep the original relay information when a DHCP message that
already contains it is received.
Drop: Drop the packet when a DHCP message that already contains relay
information is received.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
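The DHCP Snooping trust rule (section 1.3.3-1) and the Relay Information Policy above both act on the option field of a DHCP message. The following is an added example, not code from the manual or the switch firmware; the function names and sample values are hypothetical, and dropping malformed messages and treating option 53 values 11 to 13 as server replies are assumptions.

```python
# Added example (not from the manual): DHCP snooping trust check and
# relay option 82 policy applied to the option field of a DHCP message.
from enum import Enum
from typing import List, Optional, Tuple

OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255
# Option 53 values sent by servers: Offer (2), ACK (5), NAK (6) and, as an
# assumption, the lease-query replies (11-13) from the statistics list.
SERVER_MSG_TYPES = {2, 5, 6, 11, 12, 13}

Option = Tuple[int, bytes]  # (option code, value)


def parse_options(field: bytes) -> List[Option]:
    """Split the option field (the bytes after the magic cookie) into options."""
    options, i = [], 0
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options.append((code, value))
        i += 2 + length
    return options


def build_options(options: List[Option]) -> bytes:
    """Serialise options back into an option field terminated by End (255)."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return body + bytes([OPT_END])


def snooping_verdict(field: bytes, port_trusted: bool) -> str:
    """Apply the trust rule: server replies are accepted only on trusted ports."""
    try:
        types = [v for c, v in parse_options(field) if c == OPT_MSG_TYPE]
    except ValueError:
        return "drop"  # assumption: malformed messages are discarded
    if not types or len(types[0]) != 1:
        return "drop"
    if types[0][0] in SERVER_MSG_TYPES:
        return "forward" if port_trusted else "drop"
    return "forward-to-trusted-ports"  # client messages go towards trusted ports


class Policy(Enum):
    REPLACE = "Replace"
    KEEP = "Keep"
    DROP = "Drop"


def agent_info(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Option 82 value: sub-option 1 (Circuit ID), then sub-option 2 (Remote ID)."""
    return (bytes([1, len(circuit_id)]) + circuit_id
            + bytes([2, len(remote_id)]) + remote_id)


def relay_to_server(field: bytes, policy: Policy, local_info: bytes) -> Optional[bytes]:
    """Client-to-server direction; returns None when the message is dropped."""
    options = parse_options(field)
    if any(code == OPT_RELAY_INFO for code, _ in options):
        if policy is Policy.DROP:
            return None
        if policy is Policy.KEEP:
            return build_options(options)
        # Replace: strip the received relay information, then add our own.
        options = [o for o in options if o[0] != OPT_RELAY_INFO]
    return build_options(options + [(OPT_RELAY_INFO, local_info)])


def relay_to_client(field: bytes) -> bytes:
    """Server-to-client direction: option 82 is removed before delivery."""
    return build_options([o for o in parse_options(field) if o[0] != OPT_RELAY_INFO])


# Constructed sample option fields (not captured traffic).
DISCOVER = bytes([53, 1, 1, 255])
OFFER = bytes([53, 1, 2, 255])
LOCAL_INFO = agent_info(b"port-7", b"aps-switch")
FOREIGN_INFO = agent_info(b"other-port", b"other-switch")
DISCOVER_WITH_INFO = build_options([(53, b"\x01"), (82, FOREIGN_INFO)])
```

With the Keep policy a downstream device's Circuit ID and Remote ID reach the server unchanged, so that policy is only appropriate when the downstream device is itself a trusted relay.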
1.3.4-2 Statistics
This section is used to view the DHCP Relay Statistics for the APS switch.
Web Interface
To view the DHCP Relay Statistics via the Web Interface:
1. Click Security, DHCP Relay and Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 133 DHCP Relay Statistics
Parameter Description
Transmit to Server:
The number of packets that are relayed from client to server.
Transmit Error:
The number of packets that resulted in errors while being sent to clients.
Receive from Server:
The number of packets received from server.
Receive Missing Agent Option: The number of packets received without agent information options.
Receive Missing Circuit ID: The number of packets received with the Circuit ID option missing.
Receive Missing Remote ID: The number of packets received with the Remote ID option missing.
Receive Bad Circuit ID: The number of packets whose Circuit ID option did not match known circuit
ID.
Receive Bad Remote ID: The number of packets whose Remote ID option did not match known
Remote ID.
Client Statistics
Transmit to Client:
The number of relayed packets from server to client.
Transmit Error:
The number of packets that resulted in error while being sent to servers.
Receive from Client:
The number of received packets from server.
Receive Agent Option: The number of received packets with relay agent information option.
Replace Agent Option: The number of packets which were replaced with relay agent information
option.
Keep Agent Option:
The number of packets whose relay agent information was retained.
Drop Agent Option:
The number of packets that were dropped which were received with relay
agent information.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.3.5 NAS
The APS Series switches support a NAS (Network Access Server) function which allows users
to connect to a variety of resources, including the internet. Particular settings can be applied to a
user based on authentication to a RADIUS Server. Functions such as 802.1X and MAC-based
Authentication can be used to authenticate users onto the network allowing them access to these
shared resources.
1.3.5-1 Configuration
This section is used to configure the NAS settings for the APS switch.
Web Interface
To configure the NAS settings of the switch via the Web Interface:
1. Click Security, NAS and Configuration.
2. Enable and configure the system wide parameters for the NAS server.
3. Configure the required settings for each of the ports that will utilize the NAS function.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 134 Network Access Server Configuration
Parameter Description
Mode:
Indicates if NAS is globally enabled or disabled on the switch. If globally
disabled, all ports are allowed forwarding of frames.
Reauthentication Enabled: If checked, successfully authenticated supplicants/clients are
reauthenticated after the interval specified by the Reauthentication Period.
Reauthentication for 802.1X-enabled ports can be used to detect if a new
device is plugged into a switch port or if a supplicant is no longer attached.
For MAC-based ports, reauthentication is only useful if the RADIUS server
configuration has changed. It does not involve communication between the
switch and the client, and therefore doesn't imply that a client is still present
on a port (see Aging Period below).
Reauthentication Period: Determines the period, in seconds, after which a connected client must be
reauthenticated. This is only active if the Reauthentication Enabled
checkbox is checked.
Valid values are in the range 1 to 3600 seconds.
EAPOL Timeout:
Determines the time for retransmission of Request Identity EAPOL frames.
Valid values are in the range 1 to 255 seconds. This has no effect for MAC-based ports.
Aging Period:
This setting applies to the following modes, i.e. modes using the Port
Security functionality to secure MAC addresses:
• Single 802.1X
• Multi 802.1X
• MAC-Based Auth.
When the NAS module uses the Port Security module to secure MAC
addresses, the Port Security module needs to check for activity on the MAC
address in question at regular intervals and free resources if no activity is
seen within a given period of time. This parameter controls exactly this
period and can be set to a number between 10 and 1000000 seconds.
If reauthentication is enabled and the port is in an 802.1X-based mode, this
is not so critical, since supplicants that are no longer attached to the port
will get removed upon the next reauthentication, which will fail. But if
reauthentication is not enabled, the only way to free resources is by aging
the entries.
For ports in MAC-based Auth. mode, reauthentication doesn't cause direct
communication between the switch and the client, so this will not detect
whether the client is still attached or not, and the only way to free any
resources is to age the entry.
Hold Time:
This setting applies to the following modes, i.e. modes using the Port
Security functionality to secure MAC addresses:
• Single 802.1X
• Multi 802.1X
• MAC-Based Auth.
If a client is denied access - either because the RADIUS server denies the
client access or because the RADIUS server request times out (according to
the timeout specified on the "Configuration→Security→AAA" page) - the
client is put on hold in the Unauthorized state. The hold timer does not
count during an on-going authentication.
In MAC-based Auth. mode, the switch will ignore new frames coming from
the client during the hold time.
The Hold Time can be set to a number between 10 and 1000000 seconds.
RADIUS-Assigned QoS Enabled: RADIUS-assigned QoS provides a means to centrally control the
traffic class to which traffic coming from a successfully authenticated
supplicant is assigned on the switch. The RADIUS server must be configured
to transmit special RADIUS attributes to take advantage of this feature (see
RADIUS-Assigned QoS Enabled below for a detailed description).
The "RADIUS-Assigned QoS Enabled" checkbox provides a quick way to
globally enable/disable RADIUS-server assigned QoS Class functionality.
When checked, the individual ports' ditto setting determines whether
RADIUS-assigned QoS Class is enabled on that port. When unchecked,
RADIUS-server assigned QoS Class is disabled on all ports.
RADIUS-Assigned VLAN Enabled: RADIUS-assigned VLAN provides a means to centrally control the
VLAN on which a successfully authenticated supplicant is placed on the
switch. Incoming traffic will be classified to and switched on the RADIUS-assigned
VLAN. The RADIUS server must be configured to transmit special
RADIUS attributes to take advantage of this feature (see RADIUS-Assigned
VLAN Enabled below for a detailed description).
The "RADIUS-Assigned VLAN Enabled" checkbox provides a quick way to
globally enable/disable RADIUS-server assigned VLAN functionality. When
checked, the individual ports' ditto setting determines whether RADIUS-assigned
VLAN is enabled on that port. When unchecked, RADIUS-server
assigned VLAN is disabled on all ports.
Guest VLAN Enabled:
A Guest VLAN is a special VLAN - typically with limited network access - on
which 802.1X-unaware clients are placed after a network administrator-defined
timeout. The switch follows a set of rules for entering and leaving
the Guest VLAN as listed below.
The "Guest VLAN Enabled" checkbox provides a quick way to globally
enable/disable Guest VLAN functionality. When checked, the individual
ports' ditto setting determines whether the port can be moved into Guest
VLAN. When unchecked, the ability to move to the Guest VLAN is disabled
on all ports.
Guest VLAN ID:
This is the value that a port's Port VLAN ID is set to if a port is moved into
the Guest VLAN. It is only changeable if the Guest VLAN option is globally
enabled.
Valid values are in the range [1; 4095].
Max. Reauth. Count:
The number of times the switch transmits an EAPOL Request Identity frame
without response before considering entering the Guest VLAN is adjusted
with this setting. The value can only be changed if the Guest VLAN option is
globally enabled.
Valid values are in the range [1; 255].
Allow Guest VLAN if EAPOL Seen: The switch remembers if an EAPOL frame has been received on the
port for the life-time of the port. Once the switch considers whether to
enter the Guest VLAN, it will first check if this option is enabled or disabled.
If disabled (unchecked; default), the switch will only enter the Guest VLAN if
an EAPOL frame has not been received on the port for the life-time of the
port. If enabled (checked), the switch will consider entering the Guest VLAN
even if an EAPOL frame has been received on the port for the life-time of
the port.
The value can only be changed if the Guest VLAN option is globally enabled.
Port Configuration:
The table has one row for each port on the selected switch and a number of
columns, which are:
Port:
Physical port of the switch.
Admin State:
If NAS is globally enabled, this selection controls the port's authentication
mode. The following modes are available:
Force Authorized: In this mode, the switch will send one EAPOL Success
frame when the port link comes up, and any client on the port will be
allowed network access without authentication.
Force Unauthorized: In this mode, the switch will send one EAPOL Failure
frame when the port link comes up, and any client on the port will be
disallowed network access.
Port-based 802.1X: In the 802.1X-world, the user is called the supplicant,
the switch is the authenticator, and the RADIUS server is the authentication
server. The authenticator acts as the man-in-the-middle, forwarding
requests and responses between the supplicant and the authentication
server. Frames sent between the supplicant and the switch are special
802.1X frames, known as EAPOL (EAP over LANs) frames. EAPOL frames
encapsulate EAP PDUs (RFC3748). Frames sent between the switch and the
RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP
PDUs together with other attributes like the switch's IP address, name, and
the supplicant's port number on the switch. EAP is very flexible, in that it
allows for different authentication methods, like MD5-Challenge, PEAP, and
TLS. The important thing is that the authenticator (the switch) doesn't need
to know which authentication method the supplicant and the authentication
server are using, or how many information exchange frames are needed for
a particular method. The switch simply encapsulates the EAP part of the
frame into the relevant type (EAPOL or RADIUS) and forwards it.
When authentication is complete, the RADIUS server sends a special packet
containing a success or failure indication. Besides forwarding this decision to
the supplicant, the switch uses it to open up or block traffic on the switch
port connected to the supplicant.
NOTE: Suppose two backend servers are enabled and that the
server timeout is configured to X seconds (using the AAA
configuration page), and suppose that the first server in the list is
currently down (but not considered dead).
Now, if the supplicant retransmits EAPOL Start frames at a rate
faster than X seconds, then it will never get authenticated, because
the switch will cancel on-going backend authentication server
requests whenever it receives a new EAPOL Start frame from the
supplicant.
And since the server hasn't yet failed (because the X seconds
haven't expired), the same server will be contacted upon the next
backend authentication server request from the switch. This
scenario will loop forever. Therefore, the server timeout should be
smaller than the supplicant's EAPOL Start frame retransmission rate.
Single 802.1X: In port-based 802.1X authentication, once a supplicant is
successfully authenticated on a port, the whole port is opened for network
traffic. This allows other clients connected to the port (for instance through
a hub) to piggy-back on the successfully authenticated client and get
network access even though they really aren't authenticated. To overcome
this security breach, use the Single 802.1X variant. Single 802.1X is really not
an IEEE standard, but features many of the same characteristics as does
port-based 802.1X. In Single 802.1X, at most one supplicant can get
authenticated on the port at a time. Normal EAPOL frames are used in the
communication between the supplicant and the switch. If more than one
supplicant is connected to a port, the one that comes first when the port's
link comes up will be the first one considered. If that supplicant doesn't
provide valid credentials within a certain amount of time, another supplicant
will get a chance. Once a supplicant is successfully authenticated, only that
supplicant will be allowed access. This is the most secure of all the
supported modes. In this mode, the Port Security module is used to secure a
supplicant's MAC address once successfully authenticated.
Multi 802.1X: In port-based 802.1X authentication, once a supplicant is
successfully authenticated on a port, the whole port is opened for network
traffic. This allows other clients connected to the port (for instance through
a hub) to piggy-back on the successfully authenticated client and get
network access even though they really aren't authenticated. To overcome
this security breach, use the Multi 802.1X variant.
Multi 802.1X is - like Single 802.1X - not an IEEE standard, but a variant
that features many of the same characteristics as port-based 802.1X.
In Multi 802.1X, one or more supplicants can get
authenticated on the same port at the same time. Each supplicant is
authenticated individually and secured in the MAC table using the Port
Security module.
In Multi 802.1X it is not possible to use the multicast BPDU MAC address as
destination MAC address for EAPOL frames sent from the switch towards
the supplicant, since that would cause all supplicants attached to the port to
reply to requests sent from the switch. Instead, the switch uses the
supplicant's MAC address, which is obtained from the first EAPOL Start or
EAPOL Response Identity frame sent by the supplicant. An exception to this
is when no supplicants are attached. In this case, the switch sends EAPOL
Request Identity frames using the BPDU multicast MAC address as
destination - to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be
limited using the Port Security Limit Control functionality.
MAC-based Auth.: Unlike port-based 802.1X, MAC-based authentication is
not a standard, but merely a best-practices method adopted by the industry.
In MAC-based authentication, users are called clients, and the switch acts as
the supplicant on behalf of clients. The initial frame (any kind of frame) sent
by a client is snooped by the switch, which in turn uses the client's MAC
address as both username and password in the subsequent EAP exchange
with the RADIUS server. The 6-byte MAC address is converted to a string in
the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator
between the lower-cased hexadecimal digits. The switch only supports the
MD5-Challenge authentication method, so the RADIUS server must be
configured accordingly.
When authentication is complete, the RADIUS server sends a success or
failure indication, which in turn causes the switch to open up or block traffic
for that particular client, using the Port Security module. Only then will
frames from the client be forwarded on the switch. There are no EAPOL
frames involved in this authentication, and therefore, MAC-based
Authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over port-based 802.1X is that
several clients can be connected to the same port (e.g. through a 3rd party
switch or a hub) and still require individual authentication, and that the
clients don't need special supplicant software to authenticate.
The disadvantage is that MAC addresses can be spoofed by malicious users -
equipment whose MAC address is a valid RADIUS user can be used by
anyone. Also, only the MD5-Challenge method is supported. The maximum
number of clients that can be attached to a port can be limited using the
Port Security Limit Control functionality.
RADIUS-Assigned QoS Enabled: When RADIUS-Assigned QoS is both globally enabled and enabled
(checked) on a given port, the switch reacts to QoS Class information carried
in the RADIUS Access-Accept packet transmitted by the RADIUS server when
a supplicant is successfully authenticated. If present and valid, traffic
received on the supplicant's port will be classified to the given QoS Class. If
(re-)authentication fails or the RADIUS Access-Accept packet no longer
carries a QoS Class or it's invalid, or the supplicant is otherwise no longer
present on the port, the port's QoS Class is immediately reverted to the
original QoS Class (which may be changed by the administrator in the
meanwhile without affecting the RADIUS-assigned).
This option is only available for single-client modes, i.e.
• Port-based 802.1X
• Single 802.1X
RADIUS attributes used in identifying a QoS Class:
Refer to the written documentation for a description of the RADIUS
attributes needed in order to successfully identify a QoS Class. The
User-Priority-Table attribute defined in RFC4675 forms the basis for identifying
the QoS Class in an Access-Accept packet.
Only the first occurrence of the attribute in the packet will be considered,
and to be valid, it must follow this rule:
All 8 octets in the attribute's value must be identical and consist of ASCII
characters in the range '0' - '3', which translates into the desired QoS Class in
the range [0; 3].
RADIUS-Assigned VLAN Enabled: When RADIUS-Assigned VLAN is both globally enabled and enabled
(checked) for a given port, the switch reacts to VLAN ID information carried
in the RADIUS Access-Accept packet transmitted by the RADIUS server when
a supplicant is successfully authenticated. If present and valid, the port's
Port VLAN ID will be changed to this VLAN ID, the port will be set to be a
member of that VLAN ID, and the port will be forced into VLAN unaware
mode. Once assigned, all traffic arriving on the port will be classified and
switched on the RADIUS-assigned VLAN ID.
If (re-)authentication fails or the RADIUS Access-Accept packet no longer
carries a VLAN ID or it's invalid, or the supplicant is otherwise no longer
present on the port, the port's VLAN ID is immediately reverted to the
original VLAN ID (which may be changed by the administrator in the
meanwhile without affecting the RADIUS-assigned).
This option is only available for single-client modes, i.e.
• Port-based 802.1X
• Single 802.1X
For trouble-shooting VLAN assignments, use the "Monitor→VLANs→VLAN
Membership and VLAN Port" pages. These pages show which modules have
(temporarily) overridden the current Port VLAN configuration.
RADIUS attributes used in identifying a VLAN ID:
RFC2868 and RFC3580 form the basis for the attributes used in identifying a
VLAN ID in an Access-Accept packet. The following criteria are used:
• The Tunnel-Medium-Type, Tunnel-Type, and Tunnel-Private-Group-ID
attributes must all be present at least once in the Access-Accept packet.
• The switch looks for the first set of these attributes that have the same
Tag value and fulfil the following requirements (if Tag == 0 is used, the
Tunnel-Private-Group-ID does not need to include a Tag):
- Value of Tunnel-Medium-Type must be set to "IEEE-802" (ordinal 6).
- Value of Tunnel-Type must be set to "VLAN" (ordinal 13).
- Value of Tunnel-Private-Group-ID must be a string of ASCII chars in the
range '0' - '9', which is interpreted as a decimal string representing the VLAN
ID. Leading '0's are discarded. The final value must be in the range [1; 4095].
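The QoS Class rule and the VLAN ID criteria above can be checked against the attributes of an Access-Accept before the RADIUS server is put into service. The following is an added example, not the switch's own code; the function names are hypothetical, attributes are given as (type code, raw value) pairs, and the handling of a Tunnel-Private-Group-ID tag octet and of repeated attributes within one tag are assumptions.

```python
# Added example (not the switch firmware's code): checks the attributes of a
# RADIUS Access-Accept against the QoS Class and VLAN ID rules described above.
from typing import Dict, List, Optional, Tuple

# RADIUS attribute type codes from RFC 2868 and RFC 4675.
USER_PRIORITY_TABLE = 59
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13          # "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6     # "IEEE-802"
MAX_TAG = 0x1F                 # tag octets lie in 0x00..0x1F

Attribute = Tuple[int, bytes]  # (type code, raw value)


def radius_qos_class(attrs: List[Attribute]) -> Optional[int]:
    """Return the QoS Class (0-3), or None if absent or invalid."""
    for code, value in attrs:
        if code != USER_PRIORITY_TABLE:
            continue
        # Only the first occurrence counts, even when it is invalid.
        if (len(value) == 8 and len(set(value)) == 1
                and ord("0") <= value[0] <= ord("3")):
            return value[0] - ord("0")
        return None
    return None


def _split_tag(code: int, value: bytes) -> Optional[Tuple[int, object]]:
    """Return (tag, payload) for one tunnel attribute, or None if malformed."""
    if code == TUNNEL_PRIVATE_GROUP_ID:
        # Assumption: a first octet above 0x1F already belongs to the string,
        # which is the Tag == 0 case where no tag octet is included.
        if value and value[0] <= MAX_TAG:
            return value[0], value[1:]
        return 0, value
    # Tunnel-Type and Tunnel-Medium-Type: one tag octet, then a 3-octet integer.
    if len(value) != 4 or value[0] > MAX_TAG:
        return None
    return value[0], int.from_bytes(value[1:], "big")


def radius_vlan_id(attrs: List[Attribute]) -> Optional[int]:
    """Return the VLAN ID (1-4095) from the first valid tag set, else None."""
    sets: Dict[int, Dict[int, object]] = {}
    for code, value in attrs:
        if code not in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID):
            continue
        parsed = _split_tag(code, value)
        if parsed is not None:
            tag, payload = parsed
            # Assumption: within one tag, the first occurrence of each
            # attribute is the one that is evaluated.
            sets.setdefault(tag, {}).setdefault(code, payload)
    for fields in sets.values():  # tags in order of first appearance
        if fields.get(TUNNEL_TYPE) != TUNNEL_TYPE_VLAN:
            continue
        if fields.get(TUNNEL_MEDIUM_TYPE) != TUNNEL_MEDIUM_IEEE_802:
            continue
        group = fields.get(TUNNEL_PRIVATE_GROUP_ID)
        if not group or not all(ord("0") <= b <= ord("9") for b in group):
            continue
        vlan = int(group.decode("ascii"))  # int() discards leading zeros
        if 1 <= vlan <= 4095:
            return vlan
    return None


# Constructed attribute lists (not captured traffic).
UNTAGGED = [
    (TUNNEL_TYPE, b"\x00\x00\x00\x0d"),
    (TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06"),
    (TUNNEL_PRIVATE_GROUP_ID, b"0100"),
]
TWO_TAGS = [
    (TUNNEL_TYPE, b"\x01\x00\x00\x0d"),
    (TUNNEL_MEDIUM_TYPE, b"\x01\x00\x00\x06"),
    (TUNNEL_PRIVATE_GROUP_ID, b"\x014096"),   # tag 1: out of range
    (TUNNEL_TYPE, b"\x02\x00\x00\x0d"),
    (TUNNEL_MEDIUM_TYPE, b"\x02\x00\x00\x06"),
    (TUNNEL_PRIVATE_GROUP_ID, b"\x0220"),     # tag 2: VLAN 20
]
```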
Guest VLAN Enabled:
When Guest VLAN is both globally enabled and enabled (checked) for a
given port, the switch considers moving the port into the Guest VLAN
according to the rules outlined below.
This option is only available for EAPOL-based modes, i.e.:
• Port-based 802.1X
• Single 802.1X
• Multi 802.1X
For trouble-shooting VLAN assignments, use the "Monitor→VLANs→VLAN
Membership and VLAN Port" pages. These pages show which modules have
(temporarily) overridden the current Port VLAN configuration.
Guest VLAN Operation:
When a Guest VLAN enabled port's link comes up, the switch starts
transmitting EAPOL Request Identity frames. If the number of transmissions
of such frames exceeds Max. Reauth. Count and no EAPOL frames have been
received in the meanwhile, the switch considers entering the Guest VLAN.
The interval between transmission of EAPOL Request Identity frames is
configured with EAPOL Timeout. If Allow Guest VLAN if EAPOL Seen is
enabled, the port will now be placed in the Guest VLAN. If disabled, the
switch will first check its history to see if an EAPOL frame has previously
been received on the port (this history is cleared if the port link goes down
or the port's Admin State is changed), and if not, the port will be placed in
the Guest VLAN. Otherwise it will not move to the Guest VLAN, but continue
transmitting EAPOL Request Identity frames at the rate given by EAPOL
Timeout.
Once in the Guest VLAN, the port is considered authenticated, and all
attached clients on the port are allowed access on this VLAN. The switch will
not transmit an EAPOL Success frame when entering the Guest VLAN.
While in the Guest VLAN, the switch monitors the link for EAPOL frames, and
if one such frame is received, the switch immediately takes the port out of
the Guest VLAN and starts authenticating the supplicant according to the
port mode. If an EAPOL frame is received, the port will never be able to go
back into the Guest VLAN if the "Allow Guest VLAN if EAPOL Seen" is
disabled.
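The Guest VLAN rules above interact in a way that is easy to misread, so the following added example models them as a small state machine. It is not the switch's own code; the class and method names are hypothetical, and restarting the transmission count whenever an EAPOL frame arrives is an assumption.

```python
# Added example (not the switch firmware's code): a model of the Guest VLAN
# rules for one port. eapol_timeout() stands for one EAPOL Timeout interval
# passing without an answer from a supplicant.
from dataclasses import dataclass


@dataclass
class GuestVlanPort:
    max_reauth_count: int        # "Max. Reauth. Count"
    allow_if_eapol_seen: bool    # "Allow Guest VLAN if EAPOL Seen"
    tx_count: int = 0            # Request Identity frames sent without a reply
    eapol_seen: bool = False     # history kept for the life-time of the port
    in_guest_vlan: bool = False

    def link_up(self) -> None:
        """Link comes up: the switch starts sending Request Identity frames."""
        self.tx_count = 0
        self.in_guest_vlan = False

    def link_down(self) -> None:
        """Link down clears the EAPOL history."""
        self.eapol_seen = False
        self.tx_count = 0
        self.in_guest_vlan = False

    def admin_state_changed(self) -> None:
        """Changing the port's Admin State clears the history as well."""
        self.link_down()

    def eapol_timeout(self) -> str:
        """Send the next Request Identity frame and re-evaluate the rules."""
        if self.in_guest_vlan:
            return "guest"
        self.tx_count += 1
        exceeded = self.tx_count > self.max_reauth_count
        if exceeded and (self.allow_if_eapol_seen or not self.eapol_seen):
            # The port now counts as authenticated for every attached client.
            self.in_guest_vlan = True
            return "guest"
        return "request-identity"

    def eapol_received(self) -> str:
        """Any EAPOL frame takes the port out of the Guest VLAN at once."""
        self.eapol_seen = True
        self.tx_count = 0  # assumption: counting restarts after a reply
        self.in_guest_vlan = False
        return "authenticating"


def run_timeouts(port: GuestVlanPort, intervals: int) -> list:
    """Return the result of each of the given number of timeout intervals."""
    return [port.eapol_timeout() for _ in range(intervals)]
```

With "Allow Guest VLAN if EAPOL Seen" left disabled, a port that has seen a single EAPOL frame stays out of the Guest VLAN until its link goes down or its Admin State is changed.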
Port State:
The current state of the port. It can take one of the following values:
Globally Disabled: NAS is globally disabled.
Link Down: NAS is globally enabled, but there is no link on the port.
Authorized: The port is in Force Authorized or a single-supplicant mode and
the supplicant is authorized.
Unauthorized: The port is in Force Unauthorized or a single-supplicant mode
and the supplicant is not successfully authorized by the RADIUS server.
X Auth/Y Unauth: The port is in a multi-supplicant mode. Currently X clients
are authorized and Y are unauthorized.
Restart:
Two buttons are available for each row. The buttons are only enabled when
authentication is globally enabled and the port's Admin State is in an
EAPOL-based or MAC-based mode.
Clicking these buttons will not cause settings changed on the page to take
effect.
Reauthenticate: Schedules a reauthentication whenever the quiet-period of
the port runs out (EAPOL-based authentication). For MAC-based
authentication, reauthentication will be attempted immediately.
The button only has effect for successfully authenticated clients on the port
and will not cause the clients to get temporarily unauthorized.
Reinitialize: Forces a reinitialization of the clients on the port and thereby a
reauthentication immediately. The clients will transfer to the unauthorized
state while the reauthentication is in progress.
Refresh:
Used to manually refresh the information on the page.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.5-2 Switch Status
This section is used to view the NAS Status Information on the APS switch.
Web Interface
To view the NAS information via the Web Interface:
1. Click Security, NAS and Switch Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 135 Network Access Server Status
Parameter Description
Port:
Physical port of the switch. Click on the port number to view details for
statistics.
Admin State:
The port's current administrative state. Refer to NAS Admin State for a
description of possible values.
Port State:
The current state of the port. Refer to NAS Port State for a description of the
individual states.
Last Source:
The source MAC address carried in the most recently received EAPOL frame
for EAPOL-based authentication, and the most recently received frame from
a new client for MAC-based authentication.
Last ID:
The user name (supplicant identity) carried in the most recently received
Response Identity EAPOL frame for EAPOL-based authentication, and the
source MAC address from the most recently received frame from a new
client for MAC-based authentication.
QoS Class:
QoS Class assigned to the port by the RADIUS server if enabled.
Port VLAN ID:
The VLAN ID that NAS has put the port in. The field is blank, if the Port VLAN
ID is not overridden by NAS.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.3.5-3 Port Status
This section is used to view the Port Status of the NAS function on the APS switch.
Web Interface
To view the Port related NAS information via the Web Interface:
1. Click Security, NAS and Port Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 136 Network Access Server Port Status
Parameter Description
Admin State:
The port's current administrative state. Refer to NAS Admin State for a
description of possible values.
Port State:
The current state of the port. Refer to NAS Port State for a description of the
individual states.
Port:
Select the required port from the drop down box at the top of the screen.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.3.6 AAA
The APS Series switches support AAA (Authentication, Authorization, Accounting) to provide access
control to your network. The AAA server can be a TACACS+ or RADIUS server, and you create and manage
objects that contain the settings for using these AAA servers.
1.3.6-1 Configuration
This section is used to configure the AAA settings for the APS switch.
Web Interface
To configure a Common Configuration of AAA in the web interface:
1. Click Security, AAA and Configuration.
2. Set Timeout (Default is 15 seconds).
3. Set Dead Time (Default is 300 seconds).
To configure a TACACS+ Authorization and Accounting Configuration of AAA in the web interface:
1. Click Security, AAA and Configuration.
2. Select “Enabled” in the Authorization.
3. Select “Enabled” in the Failback to Local Authorization.
4. Select “Enabled” in the Account.
To configure a RADIUS Authentication Server Configuration of AAA in the web interface:
1. Check “Enabled”.
2. Specify IP address or Hostname for Radius Server.
3. Specify Authentication Port for Radius Server (Default is 1812).
4. Specify the Secret with Radius Server.
To configure a RADIUS Accounting Server Configuration of AAA in the web interface:
1. Check “Enabled”.
2. Specify IP address or Hostname for Radius Server.
3. Specify Authentication Port for Radius Server (Default is 1813).
4. Specify the Secret with Radius Server.
To configure a TACACS+ Authentication Server Configuration of AAA in the web interface:
1. Check “Enabled”.
2. Specify IP address or Hostname for TACACS+ Server.
3. Specify Authentication Port for TACACS+ Server (Default is 49).
4. Specify the Secret with TACACS+ Server.
Fig. 137 AAA Configuration
Parameter Description
Timeout:
The Timeout, which can be set to a number between 3 and 3600 seconds, is
the maximum time to wait for a reply from a server.
If the server does not reply within this timeframe, we will consider it to be
dead and continue with the next enabled server (if any).
RADIUS servers are using the UDP protocol, which is unreliable by design. In
order to cope with lost frames, the timeout interval is divided into 3
subintervals of equal length. If a reply is not received within the subinterval,
the request is transmitted again. This algorithm causes the RADIUS server to
be queried up to 3 times before it is considered to be dead.
Dead Time:
The Dead Time, which can be set to a number between 0 and 3600 seconds,
is the period during which the switch will not send new requests to a server
that has failed to respond to a previous request. This will stop the switch
from continually trying to contact a server that it has already determined as
dead.
Setting the Dead Time to a value greater than 0 (zero) will enable this
feature, but only if more than one server has been configured.
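The Timeout and Dead Time rules above, modelled as an added example (this is not the switch firmware). The server names, the "reachable" flag and the result when no server answers are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Server:
    name: str                # constructed label, e.g. "radius-1"
    reachable: bool          # constructed: whether this server ever replies
    dead_until: float = 0.0  # the switch skips the server until this time


@dataclass
class AaaClient:
    servers: list
    timeout: float = 15     # page default; valid range 3..3600 seconds
    dead_time: float = 300  # page default; valid range 0..3600 seconds
    log: list = field(default_factory=list)

    def __post_init__(self):
        if not 3 <= self.timeout <= 3600:
            raise ValueError("Timeout must be between 3 and 3600 seconds")
        if not 0 <= self.dead_time <= 3600:
            raise ValueError("Dead Time must be between 0 and 3600 seconds")

    def dead_time_active(self):
        # Dead Time only applies when it is > 0 and more than one server exists.
        return self.dead_time > 0 and len(self.servers) > 1

    def authenticate(self, now):
        """Return (name of the answering server or None, time of the decision)."""
        sub = self.timeout / 3  # three sub-intervals of equal length
        for srv in self.servers:
            if self.dead_time_active() and now < srv.dead_until:
                self.log.append((now, srv.name, "skipped, dead"))
                continue
            for attempt in range(3):  # first request plus two retransmissions
                sent_at = now + attempt * sub
                self.log.append((sent_at, srv.name, "tx"))
                if srv.reachable:
                    return srv.name, sent_at
            now += self.timeout  # the whole Timeout elapsed without a reply
            if self.dead_time_active():
                srv.dead_until = now + self.dead_time
                self.log.append((now, srv.name, "marked dead"))
        return None, now  # assumption: with no server left, the request fails


def transmissions(client, server_name):
    """Count requests (including retransmissions) sent to one server."""
    return sum(1 for _, name, event in client.log
               if name == server_name and event == "tx")


if __name__ == "__main__":
    client = AaaClient([Server("radius-1", False), Server("radius-2", True)])
    print(client.authenticate(0))    # first login waits out the full Timeout
    print(client.authenticate(100))  # radius-1 is skipped while it is dead
    for entry in client.log:
        print(entry)
```

With the defaults, a login attempted while the first server is down waits the full 15 seconds once, after which that server is skipped for the 300-second Dead Time.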
TACACS+ Authorization and Accounting Configuration
Authorisation:
Every command will be authorized by the TACACS+ server when enabled.
The authorization table on the TACACS+ server determines which
commands are allowed. For example, if the TACACS+ server is set to
accept STP commands but deny VLAN commands, the server will block any
VLAN-related commands entered by the user, but it will allow STP
commands entered by the user to be configured.
Fallback to Local Auth: Enable to allow a user who entered the wrong account or password to log in
successfully when the user account is on the local authorization list of the
local switch. For example, when the user enters the wrong account or
password, the TACACS+ server will refer to the account information held
locally on the switch. If the account is recorded on the local switch, the user
will be authorized to log in with the privilege level set on the local switch.
Accounting:
Enable to record all commands entered by a specific user. All the log data
will be recorded on the server when enabled. For instance, login time, log
out time, IGMP setting, VLAN setting, etc.
RADIUS Authentication Server Configuration
#:
The RADIUS Authentication Server number for which the configuration
below applies.
Enabled:
Enable the RADIUS Authentication Server by checking this box.
IP Address/Hostname: The IP address or hostname of the RADIUS Authentication Server. IP address
is expressed in dotted decimal notation.
Port:
The UDP port to use on the RADIUS Authentication Server. If the port is set
to 0 (zero), the default port (1812) is used on the RADIUS Authentication
Server.
Secret:
The secret - up to 29 characters long - shared between the RADIUS
Authentication Server and the switch.
RADIUS Accounting Server Configuration
#:
The RADIUS Accounting Server number for which the configuration below
applies.
Enabled:
Enable the RADIUS Accounting Server by checking this box.
IP Address/Hostname: The IP address or hostname of the RADIUS Accounting Server. IP address is
expressed in dotted decimal notation.
Port:
The UDP port to use on the RADIUS Accounting Server. If the port is set to 0
(zero), the default port (1813) is used on the RADIUS Accounting Server.
Secret:
The secret - up to 29 characters long - shared between the RADIUS
Accounting Server and the switch.
TACACS+ Authentication Server Configuration
#:
The TACACS+ Authentication Server number for which the configuration
below applies.
Enabled:
Enable the TACACS+ Authentication Server by checking this box.
IP Address/Hostname: The IP address or hostname of the TACACS+ Authentication Server. IP
address is expressed in dotted decimal notation.
Port:
The TCP port to use on the TACACS+ Authentication Server. If the port is set
to 0 (zero), the default port (49) is used on the TACACS+ Authentication
Server.
Secret:
The secret - up to 29 characters long - shared between the TACACS+
Authentication Server and the switch.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.6-2 RADIUS Overview
This section shows an overview of the status of the RADIUS Authentication and
Accounting servers.
Web Interface
To view the RADIUS Server overview in the web interface:
1. Click Security, AAA and RADIUS Overview.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 138 RADIUS Overview
Parameter Description
RADIUS Authentication Servers Status Overview
#:
The RADIUS server number. Click to navigate to detailed statistics for this
server.
IP Address:
The IP address and UDP port number (in <IP Address>:<UDP Port> notation)
of this server.
State:
The current state of the server. This field takes one of the following values:
Disabled: The server is disabled.
Not Ready: The server is enabled, but IP communication is not yet up and
running.
Ready: The server is enabled, IP communication is up and running, and the
RADIUS module is ready to accept access attempts.
Dead (X seconds left): Access attempts were made to this server, but it did
not reply within the configured timeout. The server has temporarily been
disabled, but will get re-enabled when the dead-time expires. The number
of seconds left before this occurs is displayed in parentheses. This state is
only reachable when more than one server is enabled.
RADIUS Accounting Servers Status Overview
#:
The RADIUS server number. Click to navigate to detailed statistics for this
server.
IP Address:
The IP address and UDP port number (in <IP Address>:<UDP Port> notation)
of this server.
State:
The current state of the server. This field takes one of the following values:
Disabled: The server is disabled.
Not Ready: The server is enabled, but IP communication is not yet up and
running.
Ready: The server is enabled, IP communication is up and running, and the
RADIUS module is ready to accept access attempts.
Dead (X seconds left): Access attempts were made to this server, but it did
not reply within the configured timeout. The server has temporarily been
disabled, but will get re-enabled when the dead-time expires. The number
of seconds left before this occurs is displayed in parentheses. This state is
only reachable when more than one server is enabled.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.3.6-3 RADIUS Details
This section shows you detailed information of the RADIUS Accounting and Authentication Statistics.
Web Interface
To view the RADIUS Detailed Information in the web interface:
1. Click Security, AAA and RADIUS Details.
2. Specify the Server you wish to view statistics for.
3. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
4. Click Refresh to manually refresh the information.
Fig. 139 RADIUS Detailed Statistics
Parameter Description
RADIUS Authentication Statistics
Packet Counters:
RADIUS authentication server packet counter. There are seven receive and
four transmit counters.
Direction, Name (RFC4668 Name): Description
Rx, Access Accepts (radiusAuthClientExtAccessAccepts):
The number of RADIUS Access-Accept packets (valid or invalid) received from
the server.
Rx, Access Rejects (radiusAuthClientExtAccessRejects):
The number of RADIUS Access-Reject packets (valid or invalid) received from
the server.
Rx, Access Challenges (radiusAuthClientExtAccessChallenges):
The number of RADIUS Access-Challenge packets (valid or invalid) received
from the server.
Rx, Malformed Access Responses (radiusAuthClientExtMalformedAccessResponses):
The number of malformed RADIUS Access-Response packets received from the
server. Malformed packets include packets with an invalid length. Bad
authenticators or Message Authenticator attributes or unknown types are not
included as malformed access responses.
Rx, Bad Authenticators (radiusAuthClientExtBadAuthenticators):
The number of RADIUS Access-Response packets containing invalid
authenticators or Message Authenticator attributes received from the server.
Rx, Unknown Types (radiusAuthClientExtUnknownTypes):
The number of RADIUS packets that were received with unknown types from the
server on the authentication port and dropped.
Rx, Packets Dropped (radiusAuthClientExtPacketsDropped):
The number of RADIUS packets that were received from the server on the
authentication port and dropped for some other reason.
Tx, Access Requests (radiusAuthClientExtAccessRequests):
The number of RADIUS Access-Request packets sent to the server. This does not
include retransmissions.
Tx, Access Retransmissions (radiusAuthClientExtAccessRetransmissions):
The number of RADIUS Access-Request packets retransmitted to the RADIUS
authentication server.
Tx, Pending Requests (radiusAuthClientExtPendingRequests):
The number of RADIUS Access-Request packets destined for the server that have
not yet timed out or received a response. This variable is incremented when an
Access-Request is sent and decremented due to receipt of an Access-Accept,
Access-Reject, Access-Challenge, timeout, or retransmission.
Tx, Timeouts (radiusAuthClientExtTimeouts):
The number of authentication timeouts to the server. After a timeout, the
client may retry to the same server, send to a different server, or give up. A
retry to the same server is counted as a retransmit as well as a timeout. A
send to a different server is counted as a Request as well as a timeout.
Other Info:
This section contains information about the state of the server and the
latest round-trip time.
Name (RFC4668 Name): Description
IP Address (-):
IP address and UDP port for the authentication server in question.
State (-):
Shows the state of the server. It takes one of the following values:
Disabled: The selected server is disabled.
Not Ready: The server is enabled, but IP communication is not yet up and
running.
Ready: The server is enabled, IP communication is up and running, and the
RADIUS module is ready to accept access attempts.
Dead (X seconds left): Access attempts were made to this server, but it did
not reply within the configured timeout. The server has temporarily been
disabled, but will get re-enabled when the dead-time expires. The number of
seconds left before this occurs is displayed in parentheses. This state is
only reachable when more than one server is enabled.
Round-Trip Time (radiusAuthClientExtRoundTripTime):
The time interval (measured in milliseconds) between the most recent
Access-Reply/Access-Challenge and the Access-Request that matched it from the
RADIUS authentication server. The granularity of this measurement is 100 ms.
A value of 0 ms indicates that there hasn't been round-trip communication
with the server yet.
RADIUS Accounting Statistics
Packet Counters:
RADIUS authentication server packet counter. There are five receive and
four transmit counters.
Direction, Name (RFC4670 Name): Description
Rx, Responses (radiusAccClientExtResponses):
The number of RADIUS packets (valid or invalid) received from the server.
Rx, Malformed Responses (radiusAccClientExtMalformedResponses):
The number of malformed RADIUS packets received from the server. Malformed
packets include packets with an invalid length. Bad authenticators or unknown
types are not included as malformed access responses.
Rx, Bad Authenticators (radiusAccClientExtBadAuthenticators):
The number of RADIUS packets containing invalid authenticators received from
the server.
Rx, Unknown Types (radiusAccClientExtUnknownTypes):
The number of RADIUS packets of unknown types that were received from the
server on the accounting port.
Rx, Packets Dropped (radiusAccClientExtPacketsDropped):
The number of RADIUS packets that were received from the server on the
accounting port and dropped for some other reason.
Tx, Requests (radiusAccClientExtRequests):
The number of RADIUS packets sent to the server. This does not include
retransmissions.
Tx, Retransmissions (radiusAccClientExtRetransmissions):
The number of RADIUS packets retransmitted to the RADIUS accounting server.
Tx, Pending Requests (radiusAccClientExtPendingRequests):
The number of RADIUS packets destined for the server that have not yet timed
out or received a response. This variable is incremented when a Request is
sent and decremented due to receipt of a Response, timeout, or retransmission.
Tx, Timeouts (radiusAccClientExtTimeouts):
The number of accounting timeouts to the server. After a timeout, the client
may retry to the same server, send to a different server, or give up. A retry
to the same server is counted as a retransmit as well as a timeout. A send to
a different server is counted as a Request as well as a timeout.
Other Info:
This section contains information about the state of the server and the
latest round-trip time.
Name (RFC4670 Name): Description
IP Address (-):
IP address and UDP port for the accounting server in question.
State (-):
Shows the state of the server. It takes one of the following values:
Disabled: The selected server is disabled.
Not Ready: The server is enabled, but IP communication is not yet up and
running.
Ready: The server is enabled, IP communication is up and running, and the
RADIUS module is ready to accept accounting attempts.
Dead (X seconds left): Accounting attempts were made to this server, but it
did not reply within the configured timeout. The server has temporarily been
disabled, but will get re-enabled when the dead-time expires. The number of
seconds left before this occurs is displayed in parentheses. This state is
only reachable when more than one server is enabled.
Round-Trip Time (radiusAccClientExtRoundTripTime):
The time interval (measured in milliseconds) between the most recent Response
and the Request that matched it from the RADIUS accounting server. The
granularity of this measurement is 100 ms. A value of 0 ms indicates that
there hasn't been round-trip communication with the server yet.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
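How a RADIUS client sorts a received packet into the Rx counters listed under RADIUS Authentication Statistics, as an added example (not the switch's own code). The packet layout and the Response Authenticator formula are from RFC 2865; the sample packets and secrets are constructed, the Message-Authenticator attribute is not checked here, and counting a packet shorter than four bytes as malformed is an assumption.

```python
import hashlib
import hmac
import struct
from collections import Counter

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11  # RFC 2865 codes
COUNTER_FOR_CODE = {
    ACCESS_ACCEPT: "Rx Access Accepts",
    ACCESS_REJECT: "Rx Access Rejects",
    ACCESS_CHALLENGE: "Rx Access Challenges",
}
HEADER_LEN, MAX_LEN = 20, 4096  # RFC 2865 minimum and maximum packet length


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Build a server response; used here only to construct sample packets."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return header + auth + attrs


def classify(packet, request_auth, secret):
    """Return the names of the Rx counters this packet would increment."""
    if len(packet) < 4:  # assumption: too short to read the header
        return ["Rx Malformed Access Responses"]
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in COUNTER_FOR_CODE:
        return ["Rx Unknown Types"]
    # Accept/Reject/Challenge counters include invalid packets as well.
    hit = [COUNTER_FOR_CODE[code]]
    if not HEADER_LEN <= length <= MAX_LEN or length > len(packet):
        hit.append("Rx Malformed Access Responses")
        return hit
    body = packet[:length]  # octets beyond Length are padding and are ignored
    expected = hashlib.md5(
        body[:4] + request_auth + body[HEADER_LEN:] + secret).digest()
    if not hmac.compare_digest(expected, body[4:HEADER_LEN]):
        hit.append("Rx Bad Authenticators")
    return hit


def tally(packets, request_auth, secret):
    """Accumulate counters over a sequence of received packets."""
    counts = Counter()
    for packet in packets:
        counts.update(classify(packet, request_auth, secret))
    return counts


# Constructed sample data (not captured traffic).
SECRET = b"constructed-secret"
REQUEST_AUTH = bytes(range(16))
ATTRS = bytes([18, 4]) + b"ok"  # Reply-Message attribute, type 18, length 4

if __name__ == "__main__":
    good = build_response(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, SECRET)
    forged = build_response(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, b"other")
    print(tally([good, forged, good[:-1]], REQUEST_AUTH, SECRET))
```

A Bad Authenticators counter that keeps rising points to a shared secret that differs between switch and server, or to responses that did not come from the configured server.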
1.3.7 Port Security
The APS Series switches support a Port Security function allowing the administrator to specify the
number of MAC addresses allowed on an individual port.
1.3.7-1 Limit Control
This section is used to configure the number of MAC addresses allowed on the port; you can
also specify the action taken once this configured threshold has been reached.
Web Interface
To configure the Port Security limitations via the web interface:
1. Click Security, Port Security and Limit Control.
2. Specify the appropriate system settings for your configuration.
3. Enable per port settings based on your requirements.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 140 Port Security Limit Control
Parameter Description
Mode:
Indicates if Limit Control is globally enabled or disabled on the switch. If
globally disabled, other modules may still use the underlying functionality,
but limit checks and corresponding actions are disabled.
Aging Enabled:
If checked, secured MAC addresses are subject to aging as discussed under
Aging Period.
Aging Period:
If Aging Enabled is checked, then the aging period is controlled with this
input. If other modules are using the underlying port security for securing
MAC addresses, they may have other requirements to the aging period. The
underlying port security will use the shorter requested aging period of all
modules that use the functionality.
The Aging Period can be set to a number between 10 and 10,000,000
seconds.
To understand why aging may be desired, consider the following scenario:
Suppose an end-host is connected to a 3rd party switch or hub, which in
turn is connected to a port on this switch on which Limit Control is enabled.
The end-host will be allowed to forward if the limit is not exceeded. Now
suppose that the end-host logs off or powers down. If it wasn't for aging, the
end-host would still take up resources on this switch and will be allowed to
forward. To overcome this situation, enable aging. With aging enabled, a
timer is started once the end-host gets secured. When the timer expires, the
switch starts looking for frames from the end-host, and if such frames are
not seen within the next Aging Period, the end-host is assumed to be
disconnected, and the corresponding resources are freed on the switch.
Port Configuration
Port:
Physical port of the switch.
Mode:
Controls whether Limit Control is enabled on this port. Both this and the
Global Mode must be set to Enabled for Limit Control to be in effect. Notice
that other modules may still use the underlying port security features
without enabling Limit Control on a given port.
Limit:
The maximum number of MAC addresses that can be secured on this port.
This number cannot exceed 1024. If the limit is exceeded, the corresponding
action is taken.
The switch is "born" with a total number of MAC addresses from which all
ports draw whenever a new MAC address is seen on a Port Security-enabled
port. Since all ports draw from the same pool, it may happen that a
configured maximum cannot be granted, if the remaining ports have already
used all available MAC addresses.
Action:
If Limit is reached, the switch can take one of the following actions:
None: Do not allow more than Limit MAC addresses on the port, but take no
further action.
Trap: If Limit + 1 MAC addresses are seen on the port, send an SNMP trap. If
Aging is disabled, only one SNMP trap will be sent, but with Aging enabled,
new SNMP traps will be sent every time the limit is exceeded.
Shutdown: If Limit + 1 MAC addresses are seen on the port, shut down the
port. This implies that all secured MAC addresses will be removed from the
port, and no new address will be learned. Even if the link is physically
disconnected and reconnected on the port (by disconnecting the cable), the
port will remain shut down. There are three ways to re-open the port:
1) Reboot the switch.
2) Disable and re-enable Limit Control on the port or the switch.
3) Click the Reopen button.
Trap & Shutdown: If Limit + 1 MAC addresses are seen on the port, both the
"Trap" and the "Shutdown" actions described above will be taken.
State:
This column shows the current state of the port as seen from the Limit
Control's point of view. The state takes one of four values:
Disabled: Limit Control is either globally disabled or disabled on the port.
Ready: The limit is not yet reached. This can be shown for all actions.
Limit Reached: Indicates that the limit is reached on this port. This state can
only be shown if Action is set to None or Trap.
Shutdown: Indicates that the port is shut down by the Limit Control module.
This state can only be shown if Action is set to Shutdown or Trap &
Shutdown.
Re-Open Button:
If a port is shut down by this module, you may reopen it by clicking this
button, which will only be enabled if this is the case. For other methods,
refer to Shutdown in the Action section.
NOTE: Clicking the reopen button causes the page to be
refreshed, so non-committed changes will be lost.
Refresh:
Used to manually refresh the information on the page.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
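The Limit, Action and State rules above as a small state machine, added here as an example (it is not the switch's implementation). MAC addresses are constructed one-letter labels, and re-arming the trap when an address ages out is an assumption about how "new SNMP traps will be sent every time the limit is exceeded" works.

```python
from dataclasses import dataclass, field

ACTIONS = ("None", "Trap", "Shutdown", "Trap & Shutdown")


@dataclass
class LimitControlPort:
    limit: int
    action: str = "None"
    global_enabled: bool = True  # global Mode
    port_enabled: bool = True    # per-port Mode
    aging_enabled: bool = False
    secured: set = field(default_factory=set)  # MAC addresses secured so far
    traps: list = field(default_factory=list)  # MAC that triggered each trap
    shut_down: bool = False
    trap_armed: bool = True

    def __post_init__(self):
        if not 1 <= self.limit <= 1024:
            raise ValueError("Limit cannot exceed 1024")
        if self.action not in ACTIONS:
            raise ValueError("unknown action")

    @property
    def state(self):
        if not (self.global_enabled and self.port_enabled):
            return "Disabled"
        if self.shut_down:
            return "Shutdown"
        # "Limit Reached" is only shown for the actions None and Trap.
        if len(self.secured) >= self.limit and self.action in ("None", "Trap"):
            return "Limit Reached"
        return "Ready"

    def frame_from(self, mac):
        """Process a frame from source `mac`; return True if it is forwarded."""
        if self.state == "Disabled":
            return True  # limit checks and actions are disabled
        if self.shut_down:
            return False
        if mac in self.secured:
            return True
        if len(self.secured) < self.limit:
            self.secured.add(mac)
            return True
        # Limit + 1 MAC addresses have now been seen on the port.
        if "Trap" in self.action and self.trap_armed:
            self.traps.append(mac)
            self.trap_armed = False  # without aging, only one trap is sent
        if "Shutdown" in self.action:
            self.secured.clear()  # all secured addresses are removed
            self.shut_down = True
        return False

    def age_out(self, mac):
        """Aging Period expired with no frames seen from `mac`."""
        if not self.aging_enabled or mac not in self.secured:
            return False
        self.secured.discard(mac)
        self.trap_armed = True  # assumption: the next violation traps again
        return True

    def reopen(self):
        """The Reopen button (a reboot or disable/re-enable has the same effect)."""
        self.shut_down = False
        self.trap_armed = True


if __name__ == "__main__":
    port = LimitControlPort(limit=2, action="Trap & Shutdown")
    for mac in "abc":
        print(mac, port.frame_from(mac), port.state)
    print("traps:", port.traps)
```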
1.3.7-2 Switch Status
This section shows the Port Security status. Port Security is a module with no direct configuration.
Configuration comes indirectly from other modules - the user modules. When a user module has
enabled port security on a port, the port is set-up for software-based learning. In this mode, frames
from unknown MAC addresses are passed on to the port security module, which in turn asks all user
modules whether to allow this new MAC address to forward or block it. For a MAC address to be set
in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC
address to forward. If only one chooses to block it, it will be blocked until that user module decides
otherwise. The status page is divided into two sections - one with a legend of user modules and one
with the actual port status.
Web Interface
To view the Port Security Switch Status via the web interface:
1. Click Security, Port Security and Switch Status.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 141 Port Security Switch Status
Parameter Description
User Module Legend
User Module Name:
The full name of a module that may request Port Security services.
Abbr:
A one-letter abbreviation of the user module. This is used in the Users
column in the port status table.
Port Status
Port:
The port number for which the status applies. Click the port number to see
the status for this particular port.
Users:
Each of the user modules has a column that shows whether that module has
enabled Port Security or not. A '-' means that the corresponding user
module is not enabled, whereas a letter indicates that the user module
abbreviated by that letter (see Abbr) has enabled port security.
State:
Shows the current state of the port. It can take one of four values:
Disabled: No user modules are currently using the Port Security service.
Ready: The Port Security service is in use by at least one user module, and is
awaiting frames from unknown MAC addresses to arrive.
Limit Reached: The Port Security service is enabled by at least the Limit
Control user module, and that module has indicated that the limit is reached
and no more MAC addresses should be taken in.
Shutdown: The Port Security service is enabled by at least the Limit Control
user module, and that module has indicated that the limit is exceeded. No
MAC addresses can be learned on the port until it is administratively reopened on the Limit Control configuration Web-page.
MAC Count:
The two columns indicate the number of currently learned MAC addresses
(forwarding as well as blocked) and the maximum number of MAC addresses
that can be learned on the port, respectively.
If no user modules are enabled on the port, the Current column will show a
dash (-).
If the Limit Control user module is not enabled on the port, the Limit column
will show a dash (-).
Indicates the number of currently learned MAC addresses (forwarding as
well as blocked) on the port. If no user modules are enabled on the port, a
dash (-) will be shown.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.3.7-3 Port Status
This section shows the MAC addresses secured by the Port Security module. Port Security is a
module with no direct configuration. Configuration comes indirectly from other modules - the user
modules. When a user module has enabled port security on a port, the port is set-up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port
security module, which in turn asks all user modules whether to allow this new MAC address to
forward or block it. For a MAC address to be set in the forwarding state, all enabled user modules
must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it
will be blocked until that user module decides otherwise.
Web Interface
To view the Port Security Switch Status via the web interface:
1. Click Security, Port Security and Port Status.
2. Select the port from the drop down box you would like to view the status of.
3. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
4. Click Refresh to manually refresh the information.
Fig. 142 Port Security Port Status
Parameter Description
MAC Address and VLAN ID: The MAC address and VLAN ID that is seen on this port. If no MAC
addresses are learnt, a single row stating "No MAC addresses attached" is
displayed.
State:
Indicates whether the corresponding MAC address is blocked or forwarding.
In the blocked state, it will not be allowed to transmit or receive traffic.
Time of Addition:
Shows the date and time when this MAC address was first seen on the port.
Age/Hold:
If at least one user module has decided to block this MAC address, it will
stay in the blocked state until the hold time (measured in seconds) expires.
If all user modules have decided to allow this MAC address to forward, and
aging is enabled, the Port Security module will periodically check that this
MAC address still forwards traffic. If the age period (measured in seconds)
expires and no frames have been seen, the MAC address will be removed
from the MAC table. Otherwise a new age period will begin.
If aging is disabled or a user module has decided to hold the MAC address
indefinitely, a dash (-) will be shown.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.3.8 Access Management
The APS Series switches support a number of methods for configuring the switch. This section is
used to allow or deny specific IP addresses access to the switch via HTTP/HTTPS, SNMP or Telnet/SSH.
1.3.8-1 Configuration
This section is used to configure the Access Management function of the APS Series switch.
Web Interface
To configure the Access Management settings via the web interface:
1. Click Security, Access Management and Configuration.
2. Click Add New Entry.
3. Specify the start and end IP Address and select the type of access allowed.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 143 Access Management Configuration
Parameter Description
Mode:
Indicates the access management mode operation. Possible modes are:
Enabled: Enable access management mode operation.
Disabled: Disable access management mode operation.
Delete:
Check to delete the entry. It will be deleted during the next save.
Start IP Address:
Indicates the start IP address for the access management entry.
End IP Address:
Indicates the end IP address for the access management entry.
HTTP/HTTPS:
Indicates that the host can access the switch from HTTP/HTTPS interface if
the host IP address matches the IP address range provided in the entry.
SNMP:
Indicates that the host can access the switch from SNMP interface if the host
IP address matches the IP address range provided in the entry.
TELNET/SSH:
Indicates that the host can access the switch from TELNET/SSH interface if
the host IP address matches the IP address range provided in the entry.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
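A way to check a planned set of Access Management entries before applying them, written as an added example (not code from the switch). The addresses are constructed documentation ranges, the audit threshold of 256 addresses is hypothetical, and discarding a host that matches no entry is an assumption based on the entry descriptions above.

```python
import ipaddress
from dataclasses import dataclass, field

SERVICES = ("HTTP/HTTPS", "SNMP", "TELNET/SSH")


@dataclass(frozen=True)
class Entry:
    start: str            # Start IP Address
    end: str              # End IP Address
    services: frozenset   # subset of SERVICES ticked for this entry

    def contains(self, addr):
        ip = ipaddress.ip_address(addr)
        lo = ipaddress.ip_address(self.start)
        hi = ipaddress.ip_address(self.end)
        # Only compare addresses of the same IP version.
        return ip.version == lo.version == hi.version and lo <= ip <= hi

    def size(self):
        return (int(ipaddress.ip_address(self.end))
                - int(ipaddress.ip_address(self.start)) + 1)


def _empty_stats():
    return {s: {"received": 0, "allowed": 0, "discarded": 0} for s in SERVICES}


@dataclass
class AccessManagement:
    entries: list
    enabled: bool = True  # Mode
    stats: dict = field(default_factory=_empty_stats)

    def check(self, src, service):
        """Return True if a host at `src` may use `service`; update counters."""
        if service not in SERVICES:
            raise ValueError("unknown service")
        if not self.enabled:
            return True  # counters only move while the mode is enabled
        counters = self.stats[service]
        counters["received"] += 1
        allowed = any(service in e.services and e.contains(src)
                      for e in self.entries)
        counters["allowed" if allowed else "discarded"] += 1
        return allowed

    def audit(self, max_hosts=256):
        """Return (entry number, finding) pairs for entries worth a second look."""
        findings = []
        for number, entry in enumerate(self.entries, 1):
            if entry.size() < 1:
                findings.append((number, "start is above end; never matches"))
            elif entry.size() > max_hosts:
                findings.append(
                    (number, f"range covers {entry.size()} addresses"))
            if not entry.services:
                findings.append((number, "no service selected"))
        return findings


if __name__ == "__main__":
    am = AccessManagement([
        Entry("192.0.2.10", "192.0.2.20",
              frozenset({"HTTP/HTTPS", "TELNET/SSH"})),
        Entry("198.51.100.5", "198.51.100.5", frozenset({"SNMP"})),
    ])
    print(am.check("192.0.2.15", "TELNET/SSH"))  # inside the first range
    print(am.check("192.0.2.15", "SNMP"))        # SNMP not ticked there
    print(am.stats)
```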
1.3.8-2 Statistics
This section is used to view the statistics of the Access Management function of the APS Series
switch.
Web Interface
To view the Access Management statistics via the web interface:
1. Click Security, Access Management and Statistics.
2. If you want to auto-refresh the information you will need to check the Auto-Refresh tick box.
3. Click Refresh to manually refresh the information.
Fig. 144 Access Management Statistics
Parameter Description
Interface:
The interface type through which the remote host can access the switch.
Received Packets:
Number of received packets from the interface when access management
mode is enabled.
Allowed Packets:
Number of allowed packets from the interface when access management
mode is enabled.
Discarded Packets:
Number of discarded packets from the interface when access management
mode is enabled.
Auto-Refresh:
Tick the box to enable the information to be automatically refreshed.
Refresh:
Used to manually refresh the information on the page.
1.3.9 SSH
The APS Series switches support SSH access to the management interface. SSH is a secure
communication protocol that combines authentication and data encryption to provide secure
encrypted communication.
Web Interface
To enable/disable SSH via the web interface:
1. Click Security and SSH.
2. Select to enable or disable SSH.
3. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 145 SSH Configuration
Parameter Description
Mode:
Indicates the SSH mode operation. Possible modes are:
Enabled: Enable SSH mode operation.
Disabled: Disable SSH mode operation.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.10 HTTPS
The APS Series switches support HTTPS access to the management interface. HTTPS is a secure
communication protocol that combines authentication and data encryption to provide secure
encrypted communication via the browser.
Web Interface
To enable/disable HTTPS via the web interface:
1. Click Security and HTTPS.
2. Select to enable or disable HTTPS.
3. Select to enable Automatic Redirect of HTTP to HTTPS.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 146 HTTPS Configuration
Parameter Description
Mode:
Indicates the HTTPS mode operation. Possible modes are:
Enabled: Enable HTTPS mode operation.
Disabled: Disable HTTPS mode operation.
Automatic Redirect:
Indicates the HTTPS redirect mode operation. Automatically redirect web
browser to HTTPS when HTTPS mode is enabled. Possible modes are:
Enabled: Enable HTTPS redirect mode operation.
Disabled: Disable HTTPS redirect mode operation.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
1.3.11 Auth Method
The APS Series switches support different ways of authenticating a user when logging into the
management of the switch. Authentication can be done locally, via TACACS+ or via RADIUS.
Web Interface
To configure the Authentication Method via the web interface:
1. Click Security and Auth Method.
2. Select the Authentication method for console, telnet, ssh and web access.
3. Select to enable Fallback.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
Fig. 147 Authentication Method Configuration
Parameter Description
Client:
The management client for which the configuration below applies.
Authentication Method: Authentication Method can be set to one of the following values:
None: authentication is disabled and login is not possible.
Local: use the local user database on the switch for authentication.
Radius: use a remote RADIUS server for authentication.
Tacacs+: use a remote TACACS+ server for authentication.
Fallback:
Enable fallback to local authentication by checking this box.
If none of the configured authentication servers are alive, the local user
database is used for authentication.
This is only possible if the Authentication Method is set to a value other than
'none' or 'local'.
Reset Button:
Used to reset unsaved changes to original configuration.
Apply Button:
Used to save the settings configured on this page.
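The following Python model is an added example, not code from the switch or from Alloy. It walks through the Authentication Method and Fallback rules described above and audits a per-client configuration for the outcomes an administrator should know about. The function names, the dictionary layout and the sample configuration are assumptions.

```python
REMOTE = ("radius", "tacacs+")
METHODS = ("none", "local") + REMOTE


def login(method, fallback, servers_alive, remote_ok, local_ok):
    """Return (granted, decided_by) for one login attempt.

    servers_alive: at least one configured remote server responds.
    remote_ok / local_ok: what each database would answer for the user.
    """
    if method not in METHODS:
        raise ValueError(f"unknown method: {method!r}")
    if method == "none":
        return (False, "disabled")
    if method == "local":
        return (local_ok, "local")
    if servers_alive:
        # Assumption: a live server's answer is final, since the manual
        # describes fallback only for the case where no server is alive.
        return (remote_ok, method)
    if fallback:
        return (local_ok, "local-fallback")
    return (False, "unreachable")


def audit(config):
    """Return (client, finding) pairs, ordered by client name."""
    findings = []
    for client, cfg in sorted(config.items()):
        method, fallback = cfg["method"], cfg["fallback"]
        if method == "none":
            findings.append((client, "login not possible"))
        if fallback and method not in REMOTE:
            findings.append((client, "fallback has no effect"))
        if method in REMOTE and not fallback:
            findings.append((client, "locked out if all servers are down"))
        if method in REMOTE and fallback:
            findings.append((client, "local accounts are a live login path"))
    return findings


# Constructed sample configuration; keys mirror the clients named above.
SAMPLE_CONFIG = {
    "console": {"method": "local", "fallback": True},
    "telnet": {"method": "none", "fallback": False},
    "ssh": {"method": "radius", "fallback": True},
    "web": {"method": "tacacs+", "fallback": False},
}

if __name__ == "__main__":
    for client, finding in audit(SAMPLE_CONFIG):
        print(f"{client}: {finding}")
```

Where Fallback is enabled, the local user database decides logins whenever the RADIUS or TACACS+ servers are unreachable, so local accounts need the same password discipline as the central ones.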
1.4 Maintenance
This chapter describes all of the switch Maintenance configuration tasks to enhance the
performance of the switch, including Restart Device, Firmware upgrade, Save/Restore,
Import/Export, and Diagnostics.
1.4.1 Restart Device
This section explains how to restart the device.
Web Interface
To restart the switch via the Web Interface:
1. Click Maintenance and Restart Device.
2. Click Yes to restart the device.
Fig. 148 Restart Device
Parameter Description
Restart Device:
You can restart the switch on this page. After restart, the switch will boot
normally.
Yes:
Click “Yes” to restart the device.
No:
Click to undo any restart action.
1.4.2 Firmware
This section is used to upgrade the firmware in the APS Series switches. Firmware updates are
provided periodically to provide bug fixes and feature enhancements. The APS Series switches
support Dual Firmware Images, allowing the administrator to upload two firmware images into the
switch. This allows you to easily roll back to a previous version, if you have issues with a new
firmware that you have loaded.
1.4.2-1 Firmware Upgrade
This section is used to upgrade the firmware in the APS switch.
Web Interface
To upgrade the firmware in the switch via the Web Interface:
1. Click Maintenance, Firmware and Firmware Upgrade.
2. Click browse to select your firmware files and click upload to apply the new firmware.
Fig. 149 Firmware Upgrade
Parameter Description
Browse:
Click the “Browse” button to select the firmware file to upload.
Upload:
Click the “Upload” button to upload the firmware into the switch.
WARNING: While the firmware is being updated, Web access
appears to be defunct. The front LED flashes Green/Off with a
frequency of 10 Hz while the firmware update is in progress. Do
not restart or power off the device at this time or the switch
may fail to function afterwards.
1.4.2-2 Firmware Selection
This section is used to switch between the latest uploaded firmware image and the previously
uploaded firmware image. This page displays both firmware file details including the version
number.
Web Interface
To select the required firmware to be used in the switch via the Web Interface:
1. Click Maintenance, Firmware and Firmware Selection.
2. Click on the Activate Alternate Image button to switch to the old firmware version.
Fig. 150 Firmware Selection
Parameter Description
Image:
The flash index name of the firmware image. The primary (preferred) image
is named managed; the alternate image is named managed.bk.
Version:
The version of the firmware image.
Date:
The date of the firmware image.
Activate Alternate Image: Click this button to switch to the Alternate firmware version.
Cancel:
Cancel the firmware selection process.
NOTE:
1. In case the active firmware image is the alternate image, only
the "Active Image" table is shown. In this case, the Activate
Alternate Image button is also disabled.
2. If the alternate image is active (due to a corruption of the
primary image or by manual intervention), uploading a new
firmware image to the device will automatically use the primary
image slot and activate this.
3. The firmware version and date information may be empty for
older firmware releases. This does not constitute an error.
1.4.3 Save/Restore
This section is used to backup, restore, and save the configuration in the switch.
1.4.3-1 Factory Defaults
This section is used to reset the switch back to its factory default settings.
Web Interface
To Factory Default the switch via the Web Interface:
1. Click Maintenance, Save/Restore and Factory Defaults.
2. Select to set the IP Address back to Factory Default, or leave it as previously configured.
3. Press Yes to set the switch to Factory Default Settings, press No to cancel the request.
Fig. 151 Factory Defaults
Parameter Description
Restore Default Configuration without changing current IP Address: Check this box if you do not want
to reset the IP Address to factory default.
Yes:
Press Yes button to factory default the switch.
No:
Press No to cancel the request.
1.4.3-2 Save Start
This section describes how to save the Switch Start configuration. Any current configuration files will
be saved in XML format. This must be performed after configuration of the switch. If the Start
configuration is not saved, the switch will revert to its previous settings after it has been
powered off.
Web Interface
To Save the Startup Configuration in the switch via the Web Interface:
1. Click Maintenance, Save/Restore and Save Start.
2. Press Save.
Fig. 152 Save Start Up Configuration
Parameter Description
Save:
Save Start Up Configuration.
NOTE:
This must be performed after configuration of the switch. If the
Start configuration is not saved, the switch will revert to its
previous settings after it has been powered off.
1.4.3-3 Save User
This section describes how to save the Switch User configuration. Any current configuration files will
be saved in XML format.
Web Interface
To Save the User Configuration in the switch via the Web Interface:
1. Click Maintenance, Save/Restore and Save User.
2. Press Save.
Fig. 153 Save User Configuration
Parameter Description
Save:
Save Start Up Configuration.
1.4.3-4 Restore User
This section describes how to restore the User configuration back to the switch. Any current
configuration files will be restored via XML format.
Web Interface
To Restore the User Configuration in the switch via the Web Interface:
1. Click Maintenance, Save/Restore and Restore User.
2. Press Save.
Fig. 154 Restore User Configuration
Parameter Description
Save:
Save Start Up Configuration.
1.4.4 Export/Import
This section describes how to export and import the Switch configuration. Any current configuration
files will be exported in XML format.
1.4.4-1 Export Configuration
This section is used to Save / Export the currently running configuration file of the switch.
Web Interface
To Save the configuration file of the switch via the Web Interface:
1. Click Maintenance, Export/Import and Export Configuration.
2. Click Save to save the configuration file in XML format.
Fig. 155 Export Configuration File
Parameter Description
Save:
Press the save button to save the configuration file to your computer.
1.4.4-2 Import Configuration
This section is used to Import a saved configuration file into the switch.
Web Interface
To Import a configuration file into the switch via the Web Interface:
1. Click Maintenance, Export/Import and Import Configuration.
2. Click Choose File to browse for the previously saved configuration file.
3. Click upload to load the file into the switch.
Fig. 156 Import Configuration File
Parameter Description
Choose File:
Press the “Choose File” Button to browse for the saved configuration file.
Upload:
Press upload to apply the configuration file to the switch.
1.4.5 Diagnostics
This section provides a set of basic system diagnostics. It lets users know whether the system is healthy
or needs to be fixed. Users can also check network connectivity issues with the Ping command. The
basic system check includes ICMP Ping, ICMPv6, and VeriPHY Cable Diagnostics.
1.4.5-1 Ping
This section is used to test network connectivity issues using the Ping command.
Web Interface
To test network connectivity using the switch via the Web Interface:
1. Click Maintenance, Diagnostics and Ping.
2. Enter the IP Address of the device you are trying to communicate with.
3. Set the ping Data Length, Ping Count and Ping Interval.
4. Click the Start button to commence the test.
Fig. 157 Ping Command
Parameter Description
IP Address:
The destination IP Address you want to ping.
Ping Length:
The payload size of the ICMP packet. Values range from 2 bytes to 1452
bytes.
Ping Count:
The count of the ICMP packet. Values range from 1 time to 60 times.
Ping Interval:
The interval of the ICMP packet. Values range from 0 seconds to 30 seconds.
1.4.5-2 Ping6
This section is used to test network connectivity issues using the Ping IPv6 command.
Web Interface
To test IPv6 network connectivity using the switch via the Web Interface:
1. Click Maintenance, Diagnostics and Ping.
2. Enter the IP Address of the device you are trying to communicate with.
3. Set the ping Data Length, Ping Count and Ping Interval.
4. Click the Start button to commence the test.
Fig. 158 Ping IPv6 Command
Parameter Description
IP Address:
The destination IP Address you want to ping.
Ping Length:
The payload size of the ICMP packet. Values range from 2 bytes to 1452
bytes.
Ping Count:
The count of the ICMP packet. Values range from 1 time to 60 times.
Ping Interval:
The interval of the ICMP packet. Values range from 0 seconds to 30 seconds.
1.4.5-3 VeriPHY
This section is used for running the VeriPHY Cable Diagnostics. Press to run the diagnostics. This will
take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds.
When completed, the page refreshes automatically, and you can view the cable diagnostics results in
the cable status table. Note that VeriPHY is only accurate for cables of length 7-140 meters. 10 and
100 Mbps ports will be linked down while running VeriPHY. Therefore, running VeriPHY on a 10 or
100 Mbps management port will cause the switch to stop responding until VeriPHY is complete.
Web Interface
To perform a VeriPHY Cable Diagnostic test via the Web Interface:
1. Specify the port in which you wish to perform a test.
2. Click Start to perform the test.
Fig. 159 VeriPHY Cable Diagnostic Test
Parameter Description
Port:
The physical port of the switch.
Cable Status:
Port: Port number.
Pair: The status of the cable pair.
Length: The length (in meters) of the cable pair.
2. Specifications
APS Series Model: 10T2SFP | 24T6SFP | 48T4SFP | 24T4S4SFP | 48T4S4SFP
Interface
Total Ports, comprising: 10x GbE | 26x GbE | 48x GbE | 28x GbE | 52x GbE
UTP (10/100/1000Mbps): 8 | 20 | 44 | 20 | 44
UTP/(100M/1G) SFP: 2 | 4 | 4 | 4 | 4
SFP (100M/1G): - | 2 | - | - | -
SFP+ (1G/10G): - | - | - | 4 | 4
Power Over Ethernet
Total IEEE 802.3af/at PoE Ports: 8 | 24 | 48 | 24 | 48
PoE compliant Ports: UTP Ports 1-8 | UTP Ports 1-24 | UTP Ports 1-48 | UTP Ports 1-24 | UTP Ports 1-48
Max AF/AT Power Per Port (watts): 15.4W 802.3af / 25.5W 802.3at
Total Power Budget (watts): 130W | 250W | 360W | 250W | 380W
General
Jumbo Frames: 9Kb on Gigabit Interfaces
MAC Table: 8K | 32K | 32K | 32K | 32K
Performance
Switching Capacity: 20Gbps | 52Gbps | 96Gbps | 128Gbps | 136Gbps
Forwarding Rate: 14.88 mpps | 38.69 mpps | 71.42 mpps | 95.23 mpps | 130.94 mpps
Layer 2+ Switching
Spanning Tree: Spanning Tree Protocols supported: STP, RSTP, MSTP
LACP Trunking: 5 groups, 10 ports per group | 12 groups, 8 ports per group | 24 groups, 12 ports per group | 14 groups, 8 ports per group | 24 groups, 12 ports per group
VLAN: 4K VLANs: Port based VLANs; 802.1Q; MAC Based VLANs; Management VLAN; Private VLAN
Voice VLAN: Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS
GVRP: Supported
DHCP Relay: Relay of DHCP traffic to DHCP server in different VLAN. Works with DHCP Option 82
IGMP Snooping: v1, v2 and v3. Supports 1024 Multicast Groups
IGMP Querier: Supported
IGMP Proxy: Supported
MLD Snooping: v1 and v2
Security
SSH: v1 and v2 are supported
SSL: Supported
IEEE 802.1x: IEEE802.1x: RADIUS authentication, authorisation and accounting, MD5 hash, guest VLAN, single/multiple host mode and single/multiple sessions. Supports IGMP-RADIUS based 802.1x Dynamic VLAN assignment
Layer 2 isolation: PVE (Private VLAN Edge, aka protected ports) for L2 isolation between clients in the same VLAN. Supports multiple uplinks.
Port Security: Locks MAC Addresses to ports, and limits the number of learned MAC addresses
IP Source Guard: Prevents illegal IP addresses from accessing specific ports on the switch.
RADIUS/TACACS+: Supports RADIUS and TACACS+ authentication. Switch as a client.
Storm control: Broadcast, multicast, or unicast storm on a port.
ACLs: Supports up to 256 entries. Drop or rate limitation based on source and destination MAC, VLAN ID or IP address, protocol, port, differentiated services code point (DSCP) / IP precedence, TCP/UDP source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, TCP flag.
Port Security: Locks MAC Addresses to ports, and limits the number of learned MAC addresses
Quality of Service
H/W Priority Queue: Supports 8 hardware priority queues
Scheduling: Strict priority and weighted round-robin (WRR). Queue assignment based on DSCP and class of service (802.1p/CoS)
Classification: Port based; 802.1p VLAN priority based; IPv4/IPv6 precedence / type of service (ToS) / DSCP based; Differentiated Services (DiffServ); classification and re-marking ACLs, trusted QoS
Rate Limiting: Ingress policer; egress shaping and rate control; per VLAN, per port and flow based
IPv6 applications: Web/SSL, Telnet/SSH, Ping, Simple Network Time Protocol (SNTP), Trivial File Transfer Protocol (TFTP), SNMP, RADIUS, Syslog
Management
Web GUI interface: HTTP/HTTPS
Dual Image: Dual image provides independent primary and secondary OS files for backup while upgrading.
SNMP: SNMP v1, 2c and 3
RMON: RMON (Remote Monitoring) groups 1,2,3,9
IPv4 and IPv6: Dual protocol stack supported
Firmware Upgrade: Web browser upgrade (HTTP/HTTPS) and TFTP Upgrade through console port also supported.
Port mirroring: Up to 8 source ports can be mirrored to single destination port
s-Flow: Monitoring for high speed switched networks supported
UPnP: Universal Plug and Play supported
Green Ethernet
Link detection: Compliant with IEEE802.3az Energy Efficient Ethernet. Automatically turns off power on Gigabit Ethernet RJ-45 port when detecting link down or client idle. Active mode is resumed without loss of any packets when the switch detects link up.
Cable length detection: Adjusts the signal strength based on the cable length. Reduces the power consumption for shorter cables.
Discovery
LLDP: IEEE802.1AB - Link Layer Detection Protocol with LLDP-MED extensions
Environmental Specifications
Dimensions (WxHxD, mm): 280 x 44 x 166 | 442 x 44 x 300 | 442 x 44 x 385
Case: Desktop | 1RU rackmount (mounting kit included), all metal case
Weight: 1.382Kg | 3.84Kg | 5Kg
Temperature: 0° to 40° operating; -20° to 70° storage
Humidity: 10% to 90%, relative, non-condensing
Power Supply: 100-240VAC 50-60Hz, internal, universal
Certification: CE Mark, FCC Part 15 (CFR47) Class A, C-Tick